Focus-android: Issues with random.org (redirecting)

Created on 18 Dec 2017 · 11 Comments · Source: mozilla-mobile/focus-android

Via GPS

"It doesn't work for all websites. After turning on all trackers, m.timesofindia.com kept redirecting to random.org site."

needs investigation

All 11 comments

Some thoughts from triage:

  • IP address of random.org in the code?
  • DNS hijacking

FYI: this was also filed for Focus Android on bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1435492

@ekager when you have some cycles away from GV hacking, this may be something to investigate for an hour or two to see if you can suss out anything.

Happens to me too with Firefox Focus.
Open the app Google News, then open the link from Times of India or Economic Times from the feed, then it will redirect most of the time. Firefox Focus is my default browser.

Successfully reproduced. I started with India's news websites TOI and ET and was able to reproduce it with an article from Economic Times (ET).
Here is the link to the article.

A 26-second video recording of the replication can be found on this imgur link.

This issue is consistently occurring and can be replicated with some other articles too. Did a search for random.org (and its IP) in the entire source code and found nothing.
(Random.org is hosted behind Cloudflare network and they do not allow opening websites via IP).
This issue needs further investigation.

Firefox Focus 4.0.2 on Redmi device (Also occurring on other devices)

@steptowards Thank you! This is super helpful. With your link I am able to reproduce this! 🎉

Some observations:

  • The redirect only happens after I start scrolling the page
  • It happens even if I disable all content blockers in settings.
  • If I load the page, open the menu and press "reload" then it does not happen if I start scrolling the page. That's pretty weird. It almost looks like this only happens after a fresh load without cache?

@pocmo These observations are correct.

  • Redirection to random.org only starts when we start scrolling the article in the link.
  • On pressing reload on the article link and scrolling again, the redirection is not happening.
  • On cleaning history using the trash icon, opening the link and then scrolling, redirection is happening.

Awesome investigation @steptowards, what are the next steps to fix it?

Found the issue (possibly)

Indian news websites (TOI and ET) are probably loading an iframe which has an advertisement for a Cricket score app known as Cricbuzz.

When a user scrolls this page (on a cache-cleared session), a call to the method shouldOverrideUrlLoading results, which tries to handle the unsupported URL (the comments in the method are very helpful).

The unsupported URL passed to this method is:
intent://www.colombia-sdk.com/dl#Intent;scheme=http;launchFlags=0x10000010;package=com.cricbuzz.android;component=com.cricbuzz.android/com.til.colombia.dmp.android.PsA;S.browser_fallback_url=http%3A%2F%2Frandom.org;S.id=be28ffe7-cc5e-478e-993b-05ff87cf3cc0-10o78;end

The browser_fallback_url value contains random.org, which gets opened using this handleUnsupportedLink method.

There are two things which are still not understood (need help here):

  • Despite installing Cricbuzz app for testing, the fallback URL (random.org) was opened and NOT the dialog to switch app.
  • On reloading the article, redirection to random.org does not happen.

Unrelated note: Cricbuzz's parent company Times Internet is a subsidiary of Times of India Group which owns TOI (Times of India) and ET (Economic Times). This could be why the bug reports came mostly from India when users were browsing news articles on these two sites.
The JS loaded on ET was from the domain static.clmbtech.com, which on Google search returns colombiaonline.com. The top 2 publisher platforms on its homepage are TOI and ET. The invalid URL intent also has _colombia_ in it.
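
Added example, not part of the thread or of Focus's code: a small Python parser for the `intent:` URI quoted in the comment above, showing how `scheme`, `package`, `component` and the `S.browser_fallback_url` extra come apart. The `triage` helper and its host-mismatch heuristic are assumptions made for illustration.

```python
from urllib.parse import unquote, urlsplit

# The intent URI quoted in the comment above, split across lines for readability.
SAMPLE = (
    "intent://www.colombia-sdk.com/dl#Intent;scheme=http;launchFlags=0x10000010;"
    "package=com.cricbuzz.android;"
    "component=com.cricbuzz.android/com.til.colombia.dmp.android.PsA;"
    "S.browser_fallback_url=http%3A%2F%2Frandom.org;"
    "S.id=be28ffe7-cc5e-478e-993b-05ff87cf3cc0-10o78;end"
)

def parse_intent_uri(uri):
    """Return (fields, extras) for an intent: URI; extras map name -> (type, value)."""
    base, sep, frag = uri.partition("#Intent;")
    if not uri.startswith("intent:") or not sep:
        raise ValueError("not an intent: URI")
    fields, extras = {}, {}
    for item in frag.split(";"):
        if item == "end":
            break
        key, eq, value = item.partition("=")
        if not eq:
            continue  # skip empty or malformed segments
        if len(key) > 2 and key[1] == ".":
            # Extras carry a one-letter type prefix, e.g. "S." for a String.
            extras[unquote(key[2:])] = (key[0], unquote(value))
        else:
            fields[key] = unquote(value)
    # The data URL is the part before "#Intent;" with "intent:" swapped for scheme=.
    rest = base[len("intent:"):]
    fields["data"] = f"{fields['scheme']}:{rest}" if "scheme" in fields else rest
    return fields, extras

def triage(uri, allowed_schemes=("http", "https")):
    """Summarise what a browser would be asked to launch or fall back to."""
    fields, extras = parse_intent_uri(uri)
    kind, fallback = extras.get("browser_fallback_url", (None, None))
    findings = []
    if "component" in fields:
        findings.append("explicit component: " + fields["component"])
    if fallback is not None:
        target = urlsplit(fallback)
        if kind != "S" or target.scheme.lower() not in allowed_schemes or not target.hostname:
            findings.append("fallback rejected: not a web URL")
            fallback = None
        elif target.hostname != urlsplit(fields["data"]).hostname:
            findings.append("fallback host differs from intent host: " + target.hostname)
    return {"package": fields.get("package"), "data": fields["data"],
            "fallback": fallback, "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run on the URI from the thread, the fallback decodes to `http://random.org` while the intent's own data URL points at `www.colombia-sdk.com`, which is the mismatch the heuristic flags.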
