Netgate Discussion Forum

    pfBlockerNG blocking access to android bank app

    24 Posts 6 Posters 3.5k Views
    • RonpfSR
      RonpfS
      last edited by

      Go to the Reports/Alerts Tab, access the site, refresh the tab and it will tell you what is blocked.

      You can also hit F12 in a browser to inspect the Network activity.

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

      • HermanH
        Herman
        last edited by

        Hello @RonpfS ,

        Thank you for the fast reply. I’ve been there. There is nothing to see in the Reports/Alerts Tab that makes any sense to me regarding the app. The F12 option is only for Windows platforms. The website of the bank is working properly. The problem is the Android app. I looked all day for a proper solution, but still no luck. Drives me crazy!

        Limburg | The Netherlands.
        It is nice to be important. But it is more important to be nice! | Failure, the best teacher it is!

        • GertjanG
          Gertjan
          last edited by

          Hi,

          The app is hitting an IP or using a domain that is listed in DNSBL.

          Go to

          9374cc7d-212c-4ce9-86f0-70e5a189127a-image.png

          and check :

          56843fea-4d4d-42e8-851b-8ab4f5e36b08-image.png

          As you can see, my iPhone (IP 192.168.2.5) tried to load some stuff from domains that are blocked.
          That is, an app I was using tried to load some ads or comparable.

          Shut down the app on your phone.
          Open this log.
          Open the app on your phone.
          Refresh the log.
          The latest new entries are probably your phone - check with host name and/or the local LAN IP.

          The domains listed could be the ones listed that the app tries to open - and it was blocked.
          Whitelist them by clicking on the black + sign.
          Make it a wildcard whitelist.
          Add a note for yourself.

          Retest.

          Btw : a bank app is using and loading publicity from known publicity servers ?? Strange.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • HermanH
            Herman
            last edited by

            Hi @Gertjan,

            Thanks for the help. Did exactly what you described. But nothing does the trick.

            In my DNS cache I found the following CNAMEs. I tried to exclude them in the DNSBL list. Unfortunately no result.

            bankieren.rabobank.nl.edgekey.net.
            log.rabobank.nl.edgekey.net.
            www.rabobank.nl.edgekey.net.

            Any ideas?

            • RonpfSR
              RonpfS
              last edited by

              When you use the Report tab to whitelist domains, pfBlockerNG will gather the CNAMEs and whitelist them.

              Maybe it is the IPs that get blocked and not the Domain name.

              • HermanH
                Herman @RonpfS
                last edited by

                @RonpfS I am also starting to believe that it is IP related. But I still do not see anything that is blocked regarding the banking app.

                • T
                  tabnul
                  last edited by

                  I found that there are various tracking services used by the rabobank app.
                  After allowing the below services everything started working...

                  But no way I keep these allow rules for just 1 app. I will send feedback to Rabobank regarding their app. No way a banking app should be so intrusive, and at least this tracking should never block functionality.
                  It's a bug IMO.

                  tags.tiqcdn.com # rabo
                  www.tags.tiqcdn.com # rabo
                  tags.tiqcdn.com.edgekey.net # CNAME for (tags.tiqcdn.com)
                  e8091.a.akamaiedge.net # CNAME for (tags.tiqcdn.com)
                  sdk.split.io # rabo
                  www.sdk.split.io # rabo
                  f2.shared.global.fastly.net # CNAME for (sdk.split.io)
                  events.split.io # rabo
                  www.events.split.io # rabo
                  events-aws-prod-elb.split.io # CNAME for (events.split.io)
                  events-prod-1-1033355748.us-east-1.elb.amazonaws.com # CNAME for (events.split.io)
                  w.usabilla.com # rabo
                  www.w.usabilla.com # rabo
                  app-measurement.com # rabo
                  www.app-measurement.com # rabo
                  google-analytics.com # rabo
                  www.google-analytics.com # rabo
                  www-google-analytics.l.google.com # CNAME for (google-analytics.com)
                  
                  • T
                    tabnul
                    last edited by

                    In fact, I found that the only truly blocking ones are the ones from Google...
                    That's the last one I want in my allow list...

                    google-analytics.com # rabo
                    www.google-analytics.com # rabo
                    www-google-analytics.l.google.com # CNAME for (google-analytics.com)
                    
                    • T
                      tabnul
                      last edited by

                      Last reply from my side.
                      I fixed it by changing the DNS Virtual IP to 127.0.0.1.
                      Whitelist is empty again, ads are still blocked.

                      This obviously breaks the functionality where a user is informed that something was blocked by the network administrator, but for home usage this is fine and this is how most home adblockers work anyway.

                      Probably it's an implementation issue in the Rabobank Bankieren app. But this solution is fine for me.
                      In fact, routing DNS requests to localhost instead of a 'remote' service is faster in the end (probably unnoticeable, but anyway ;) )

                      f8814460-2abe-46df-9067-b045c4bf988c-image.png

                      • HermanH
                        Herman
                        last edited by

                        Hi @tabnul,

                        You are my HERO! Also want to thank you for replying to my post. Many many thanks.

                        Any explanation why routing DNS to 127.0.0.1 instead of 10.10.10.1? I also look forward to hearing how you figured this out…

                        Again, you are the King 😊

                        Regards,
                        Herman

                        • T
                          tabnul @Herman
                          last edited by

                          @Herman
                          I don't know why this fix solves it, but apparently the app expects a valid API response from Google Analytics whenever it gets a non-4** response code. When routing to 127.0.0.1 it receives a 404; apparently that's fine.

                          Probably it will break again when you run a webserver on your local machine listening on port 80 this way.
                          It was just a wild guess from my side.

                          IMO this is still a bug in the app, and/or the Google SDK they used for setting up the logic.

                          • HermanH
                            Herman
                            last edited by

                            @tabnul

                            Thanks a lot for your explanation. Anyway it works.

                            Is there a possibility that no blocking results are shown in the alerts after the change to 127.0.0.1? It keeps showing 0. Even after updating and reloading. Any thoughts?

                            Herman

                            • T
                              tabnul @Herman
                              last edited by

                              @Herman

                              You are right, this seems to mess up the stats... that's a shame.
                              Apparently stats are collected by HTTP requests on the virtual IP.

                              • T
                                tabnul
                                last edited by tabnul

                                What might be the case here is that the issue is caused by an invalid SSL certificate on the virtual IP address. In fact I would expect that.
                                (I mean the original issue)

                                • T
                                  tabnul
                                  last edited by

                                  Probably it is the issue.
                                  You can fix it by handling the Google ad services differently. They won't get logged then, but everything else will.
                                  See:
                                  https://forum.netgate.com/topic/111095/dnsbl-certificate-errors/46
                                  and
                                  https://forum.netgate.com/topic/133055/dnsbl-modify-default-bloked-webpage/30

                                  • HermanH
                                    Herman @tabnul
                                    last edited by

                                    @tabnul
                                    Again many thanks for your input.

                                    I have read the articles. If I am right, I have to null route the Google domains? Right? I must admit that I am not a deep dive nerd when it comes to routing.

                                    Would you like to explain how I have to configure this regarding the banking app?

                                    Thanks in advance,
                                    Herman

                                    • HermanH
                                      Herman @Herman
                                      last edited by

                                      @tabnul

                                      Tried to figure it out by myself with the websites you provided. Unfortunately I do not get it working. So if someone would like to help I appreciate this…

                                      Regards Herman

                                      • N
                                        noenes
                                        last edited by

                                        Hello,
                                        I just whitelisted these URLs. Now the Rabobank app is working again.

                                        .app-measurement.com # RabobankAPP
                                        .sdk.split.io # RabobankAPP2
                                        .f2.shared.global.fastly.net # CNAME for (sdk.split.io)
                                        .events.split.io # RabobankAPP3
                                        .events-prod-1-1033355748.us-east-1.elb.amazonaws.com # CNAME for (events.split.io)
                                        .tags.tiqcdn.com # RabobankAPP4
                                        .tags.tiqcdn.com.edgekey.net # CNAME for (tags.tiqcdn.com)
                                        .e8091.a.akamaiedge.net # CNAME for (tags.tiqcdn.com)

                                        Maybe only the last 3 URLs are enough. That I didn't test.

                                        • N
                                          nanopulga
                                          last edited by

                                          Hi, I am truly sorry to revive this old thread but I just wanted to point out that I have come across this same issue with the ING Spain bank app on Android, it's the same issue as Rabo Bank mentioned here, but with ING Spain instead. The issue also seems to be related to ".app-measurement.com" from my brief testing, but it could be others (ingdirect.es, ing.es, ing.com, ing.net and ing.nl). I thought that creating a new thread just for this would be pointless so that's why I am using this old thread.

                                          Pointing the DNSBL Virtual IP Address to 127.0.0.1 instead of 10.10.10.1 works for me. However, that breaks "DNSBL Block Stats" and it stops updating, which is a shame because it was useful and nice to see what was getting blocked.

                                          The user @tabnul mentions there could be a fix to handle .app-measurement.com (as they call it, Google Ad Services) differently by pointing to other threads; however, I am also lost on how to do what they say, perhaps because I am also not a deep dive nerd like the user @Herman who started this thread 😔.

                                          I don't want to whitelist .app-measurement.com since one of the reasons of me installing pfBlockerNG was to block stuff like that (adverts and telemetry mainly) and that URL is specifically for Google Analytics on Android apps. So I don't really know what to do.

                                          Does anyone have any idea after all these years on what could be done?

                                          Thanks in advance.

                                          • GertjanG
                                            Gertjan @nanopulga
                                            last edited by

                                            @nanopulga
                                            A bank app that uses or 'needs' ".app-measurement.com" to be accessible ?
                                            No way .....
                                            Afaik, it's the phone OS that collects app usage, and then calls home with the info. If it can't send the info, it shouldn't stop you from using the app.....

                                            @nanopulga said in pfBlockerNG blocking access to android bank app:

                                            Pointing the DNSBL Virtual IP Address to 127.0.0.1 instead of 10.10.10.1 works for me

                                            Why 127.0.0.1 ?

                                            Just :

                                            4a740fe6-4c3a-4c2f-9415-530b22469e22-image.png

                                            == 0.0.0.0 and you're fine.
                                            pfBlockerng logging and stats work fine.

                                            N 1 Reply Last reply Reply Quote 0
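Added example, not from any poster in this thread and not pfBlockerNG code: a small Python probe, run from a LAN client, that classifies what an app would experience for a blocked name depending on which sinkhole address DNSBL answers with (10.10.10.1, 127.0.0.1 and 0.0.0.0 are the addresses discussed above). It separates the "invalid certificate on the virtual IP" case from a refused connection or a plain HTTP status such as the 404 mentioned earlier. The function name and result labels are assumptions made for this example.

```python
import socket
import ssl


def probe_sinkhole(addr, hostname, port=443, use_tls=True, timeout=3.0):
    """Classify what a client sees when DNS answers `hostname` with `addr`."""
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # nothing listening: fast, clean failure
    except socket.timeout:
        return "timeout"        # packets dropped: client waits out its timer
    except OSError:
        return "unreachable"
    try:
        if use_tls:
            ctx = ssl.create_default_context()   # verifies chain and host name
            try:
                sock = ctx.wrap_socket(sock, server_hostname=hostname)
            except ssl.SSLCertVerificationError:
                return "tls-cert-invalid"   # listener's cert not valid for name
            except (ssl.SSLError, OSError):
                return "tls-error"          # handshake failed for another reason
        request = f"HEAD / HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        parts = sock.recv(1024).split(b"\r\n", 1)[0].split()
        if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
            return "http-" + parts[1].decode("ascii")
        return "no-http-response"
    except OSError:
        return "no-http-response"
    finally:
        sock.close()


if __name__ == "__main__":
    # Addresses taken from the thread; the host name is one the posters saw blocked.
    for addr in ("10.10.10.1", "127.0.0.1", "0.0.0.0"):
        for port, tls in ((443, True), (80, False)):
            result = probe_sinkhole(addr, "app-measurement.com", port, tls)
            print(f"{addr}:{port} -> {result}")
```

A result of `tls-cert-invalid` on the virtual IP next to `refused` on the other addresses is the pattern that would match the certificate explanation given in the thread.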
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.