I was checking my Pi-Hole and noticed a lone spike of 700+ requests coming from my phone (Android 16) this morning. Upon checking the logs, it’s all bogus domains corresponding to package names of apps I have previously installed via the Play Store, but never on this phone.
Going further back in the query log, I realized it also includes the package name of an app I developed years ago but never published on the store, nor on this phone. There’s also a whole bunch of my browsing history apparently, domains I haven’t visited in years - from the age of some of them I’m pretty sure it’s Chrome history, as I only used Firefox sync for a brief period and my local history is <1y.
What the actual fuck? This is a Nothing Phone 3a, updated to Android 16 just a couple of days ago.
That’s precisely why they can’t do the scan from their servers. They don’t know the domains - they’re decrypted only on your device.
I feel like this is a tad dramatic. Surely, your vault contains more data, probably more sensitive, than just domain names.