Update directly from MSOHM at BlackBerry:
"I can confirm the issue hasn't been fixed yet. It'll likely appear in a BBM update early next year."
-Freeze
I think you have a poorly written app that runs headless and doesn't play nice with BBM.
So, here is the solution:
http://forums.crackberry.com/blackbe...attery-980001/
It basically requires that you disallow apps from running headless and accessing BBM.
How? He did a full wipe and only tested BBM which still had the issue.
Posted via CB10
No. He has tested his device fresh and with only BBM. Same issue.
Also, I clearly posted right above you that MSOHM has acknowledged the issue and will try to have it resolved early next year.
Everyone,
To answer a few things I keep seeing come up:
Q: What is api.mixpanel.com and should I be worried?
A: It appears to be an anonymous analytics service that lets BB see what features people are using in BBM. It's annoying but I wouldn't be worried
Q: What devices use api.mixpanel.com and who is transmitting to it?
A: Everyone on a BB10 device and everyone on the Android app, it appears. I can't confirm anything else. It would be nice to see an option to turn this off in the future without ad blocking.
Q: Will I have this issue if I do not use DNS ad blocking?
A: It appears it will ONLY happen in wifi networks with DNS ad blocking of api.mixpanel.com
Q: How can you be sure this isn't related to an app/something you're doing or a setting?
A: That's easy... I did a complete security wipe and then tested this issue on a fresh factory default install of 10.2.1 and 10.3.1 leak. The testing was done by loading the OS fresh, connecting to wifi, updating BBM and other factory installed apps to the latest version, and then using the phone for about 60 minutes to chat on BBM. Also BlackBerry themselves confirmed this issue here: https://www.blackberry.com/jira/browse/BBTEN-2751
Thanks everyone for your good suggestions for testing, fixes and your support. The best thing you can do now is upvote the bug here: https://www.blackberry.com/jira/browse/BBTEN-2751 where it will go directly to BB. Please refrain from making comments there talking about how serious this is and how they need to "do something now". That will serve no purpose.
Thanks! Truly appreciate all the work you did looking into this issue.
Posted via CB10
One question only the OP or someone with a similar setup can answer. Why not allow the traffic for a moment and monitor how often it transmits over a period? Clearly there is a base code issue with a retry or event-driven sending that makes the code do a loop.
You know it's there, but really how many legit connections will it make. One? Thousands? I would be interested to know how many connections it makes over a defined period.
I'm setting up my firewall to report on connection attempts now and will report back in a few hours. Doing a packet capture is pointless because the data will be encrypted.
Update:
On second thought... I'm going to do a packet capture too.. Why not lol
Attachment 319833
Ok everyone, I got results!
BBM does in fact communicate actively to mixpanel. It appears it only does this when you open the BBM shop. I let it sit actively chatting on BBM and using groups and everything for over an hour without a single packet hit. I then opened BBM shop and started browsing stickers. EVERY TIME I CLICKED SOMETHING IT SENT DATA TO api.mixpanel.com
Kinda creepy and gave me the chills... literally every time I tapped the screen I would see encrypted data leaving my phone and go to api.mixpanel.com
Connection log:
Attachment 319839
Screenshot of wireshark capture:
Attachment 319840
I think this answers what it's used for. BBM does not appear to use mixpanel to track our every move... until we open the shop.
If someone thinks it will serve a purpose I will post the wireshark capture of the communication to api.mixpanel.com... but it's all encrypted
I knew the question would come up.... "Dave, are you sure api.mixpanel isn't just the webhost for the BBM shop? Are you sure it's actually doing tracking?"
The proof is in the pudding... or in this case the connection log :P
I purposely shunned (blocked all communication to and from) mixpanel's entire network block and was able to successfully browse the bbm shop! I should note now that even after I closed the shop my Q10 is relentlessly trying to contact mixpanel... about once a second.
They want my analytics!
Connection log showing blocked packets:
Attachment 319842
Syslog showing my Q10 trying over and over again to send data to mixpanel even after I closed BBM shop for over 5 minutes:
Attachment 319846
Checkmate? :P
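The per-destination attempt count asked for earlier in the thread, and the "about once a second" retry pattern seen in the blocked-packet log, can be pulled out of a firewall deny log with a short script. This is an added example, not part of the original posts; the log format, addresses and thresholds are constructed for illustration and do not come from the attachments.

```python
from collections import defaultdict
from datetime import datetime
import re

# Constructed, made-up deny-log format (not any real firewall's syslog layout).
LINE_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")

def build_sample():
    """Constructed sample: one handset retrying a blocked host every second."""
    lines = []
    for s in range(300):  # 5 minutes, one blocked attempt per second
        lines.append(f"2014-12-20T10:{s // 60:02d}:{s % 60:02d} DENY "
                     "src=192.168.1.50 dst=198.51.100.18 dport=443")
    for m in (0, 2, 4):   # unrelated client, three attempts minutes apart
        lines.append(f"2014-12-20T10:{m:02d}:30 DENY "
                     "src=192.168.1.77 dst=203.0.113.9 dport=443")
    return lines

def find_retry_loops(lines, min_attempts=60, max_mean_gap=2.0):
    """Return {(src, dst, dport): (attempts, mean_gap_seconds)} for flows that
    keep hitting a blocked destination at a steady, short interval."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a deny record
        ts, src, dst, dport = m.groups()
        seen[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    loops = {}
    for flow, stamps in seen.items():
        if len(stamps) < min_attempts:
            continue  # a handful of blocked hits is normal ad-block noise
        stamps.sort()
        span = (stamps[-1] - stamps[0]).total_seconds()
        mean_gap = span / (len(stamps) - 1)
        if mean_gap <= max_mean_gap:
            loops[flow] = (len(stamps), round(mean_gap, 2))
    return loops

if __name__ == "__main__":
    for flow, (n, gap) in find_retry_loops(build_sample()).items():
        print(flow, f"{n} blocked attempts, one every {gap}s")
```

Run against a real export, the regular expression has to be adapted to the firewall's actual log layout.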
Just do what I said to do in my linked post and see if it works.
I had the same problem. 100 Meg of data used doing nothing. Battery getting killed. App monitor saying that bbm was the cause. I resolved it for myself. Why not spend 5 minutes doing what I did instead of standing up dns servers and such.
Posted via CB10
What about turning off the allow device to send data to BlackBerry? Maybe it obeys that or maybe not.
Posted via CB10
INTz:
I already do have this off
kfh227:
I did this earlier in the conversation. See post #54. Also somewhere yesterday I did say I disabled all background apps. You bring up a valid point that apps can cause an issue similar to this. But this issue is caused by the BlackBerry software itself.
See posts #84 and #85 above
I have just now confirmed when having a normal BBM conversation if you send a "sticker" to someone, api.mixpanel.com is contacted as soon as you click it. There is no communication if someone sends you a sticker... only when you use one.
Analytics for things you buy/use in/from the shop. Not surprising. Thanks for the details/work.
The question is... Is this detailed in a privacy policy or EULA somewhere? To be honest I'm not sure. Anyone know? I could check but honestly spent too much time on this issue recently lol
Any terms and conditions script in existence has some variation of the sentence:
"(Anonymous/generic) user data may be used to improve the service. It won't be shared with any third party." I think that pretty much covers any such api that isn't directly involved in advertisements.
BlackBerry Passport signed @ C0007CC89
BB's EULA is pretty similar to Google et al. in terms of data mining. It's expected really, they want info on their customers too. They just don't use it to target ads. Not too happy they are using a third party but we can't do anything about that.
Very good sleuth work and analysis by OP. This kind of effort shows we got some really smart people here.
Even with all this... sir did you try rebooting your device and have you checked your wifi settings? Yeah, I hear you.
Sent from my BlackBerry 9900 using Tapatalk
I think you have done a pretty thorough job of the investigation. Ignore those that don't understand DNS. I may try to replicate it if I get a chance, but I think your tests are very thorough and logical. I do understand DNS and firewalls. And I have seen failed DNS request bugs in software that create retry loops. These are bugs.
There is a setting to collect data, generally in BB10 (I forget where it is). If this is off, I would expect this type of monitoring to be off unless BBM has a separate agreement. If it doesn't turn off this could be a privacy policy violation.
Either way, it is a bug though because no situation should create a DNS retry of that nature. TTL and cached entries mean the value retrieved will always be the same. I deal with poor wifi signals in old buildings with metal shielding between sections. I wonder how this would impact the DNS loop. That is no reply versus a 0.0.0.0 or 127.0.0.1 as the reply. And forgive me if this was already mentioned. You have done a great systematic job on this, free of charge for BlackBerry.
Rockin a Passport and Z30! Two devices are better than 1!
Appreciate all the positive feedback. I'm willing to bet there is a separate agreement for shop. When I reloaded my device I noticed (and remembered) that after they added the BBM shop they displayed that splash screen that required you to accept the EULA all over again. So it's confirmed this is a bug on the Q/Z10 with software 10.2.1 and 10.3.1 (unfinished). I wonder if this is an issue on the Passport. If anyone from BB is listening I would love to test that theory out for you free of charge : hint hint :
LOL
Good thing to do, this will answer a lot. Thanks for going through the trouble.
Posted via CB10
I will look into this on my Passport. I do have cached entries for api.mixpanel.com before I start. Deleting those and adding test values. I will try just blocking these IP addresses on my firewall as well.
198.23.64.18 to .22
Rockin a Passport and Z30! Two devices are better than 1!
Everyone will have different IPs for api.mixpanel.com depending on your location. If you block traffic you should see it retry over and over again... if you give it invalid DNS you should see it throw a temper tantrum :) Keep in mind you have to do something with BBM shop to get it to try to contact mixpanel. If you are testing with invalid DNS you don't have to do anything... just use BBM normally.
I did see a sharp increase in battery usage by BBM. Even after I stopped using the device (left BBM in an active frame) to the point that it killed my battery when normally leaving it idle would be fine. I didn't see any unusual activity on my DNS servers but I can't install wireshark either and was just using the Windows resource monitor, which might not reflect the activity accurately. My Passport is running OS version 10.3.0.1418.
Rockin a Passport and Z30! Two devices are better than 1!