Multiple unknown accesses from an Expo standalone app


#1

I’ve just run exp build:android and downloaded the apk file. Then I run adb install .... When I open the app on my phone I notice multiple accesses I don’t recognize. To many Amazon EC2 instances, to gig50.r.cloud-front.net, to in-addr.arpa, to edge-star-shv-01-scl1.facebook.com and to bc.googleusercontent.com.

Any idea where all those accesses came from? I have them blocked with a firewall and my app didn’t even started. Does Expo add those?

Thanks for your help!


#2

Hi! Most of these look like initialization for parts of the Expo app.

in-addr.arpa is used for reverse DNS, I think, and is normal for lots of apps.

cloud-front.net is the CDN used for serving JS bundles and media assets to the Expo client app, and also where we host user’s applications.

facebook.com and googleusercontent.com seem like they’re probably pinged when initializing the FBAds module and the Google sign-in module in the Expo SDK.

Perhaps @ide has more specific information about these? I suspect we may want to load these modules lazily so they only hit the network when you’re making use of those functions. I’ll open a request internally to audit network traffic here and make sure we’re only doing what’s needed. In general though chatty network traffic is pretty common for lots of mobile apps.