Traffic to Google observed when using Vanadium for the first time #118

Closed
realbiz21 opened this issue Sep 23, 2021 · 4 comments
@realbiz21

Unknown traffic was observed to update.googleapis.com and gvt1.com when running Vanadium for the first time.

Vanadium 93.0.4577.82

Is this downloading proprietary Google updates?

The below is a tshark/wireshark capture with a "dns or http" filter:

   56  70.239821    10.0.2.16 → 10.0.2.3     DNS 96 Standard query 0x6d2c A connectivitycheck.grapheneos.network
   57  70.249497    10.0.2.16 → 10.0.2.3     DNS 79 Standard query 0xb832 A time.grapheneos.org
   64  70.355080     10.0.2.3 → 10.0.2.16    DNS 123 Standard query response 0x6d2c A connectivitycheck.grapheneos.network A 167.114.34.100 OPT
   65  70.447498     10.0.2.3 → 10.0.2.16    DNS 106 Standard query response 0xb832 A time.grapheneos.org A 167.114.34.100 OPT
   69  70.565518    10.0.2.16 → 10.0.2.3     DNS 96 Standard query 0x63df AAAA connectivitycheck.grapheneos.network
   72  70.613809     10.0.2.3 → 10.0.2.16    DNS 135 Standard query response 0x63df AAAA connectivitycheck.grapheneos.network AAAA 2607:5300:205:200::b44 OPT
  105  71.056844    10.0.2.16 → 167.114.34.100 HTTP 288 GET /generate_204 HTTP/1.1
  111  71.124042 167.114.34.100 → 10.0.2.16    HTTP 172 HTTP/1.1 204 No Content
  243 794.667914    10.0.2.16 → 10.0.2.3     DNS 81 Standard query 0x05a6 A update.googleapis.com
  244 794.670848    10.0.2.16 → 10.0.2.3     DNS 81 Standard query 0xe44c AAAA update.googleapis.com
  245 794.794749     10.0.2.3 → 10.0.2.16    DNS 120 Standard query response 0xe44c AAAA update.googleapis.com AAAA 2607:f8b0:4009:80b::2003 OPT
  246 795.679528    10.0.2.16 → 10.0.2.3     DNS 81 Standard query 0x62a2 A update.googleapis.com
  247 795.706797     10.0.2.3 → 10.0.2.16    DNS 108 Standard query response 0x62a2 A update.googleapis.com A 172.217.4.35 OPT
  287 796.121718    10.0.2.16 → 10.0.2.3     DNS 78 Standard query 0xc5fb A edgedl.me.gvt1.com
  288 796.122587    10.0.2.16 → 10.0.2.3     DNS 78 Standard query 0x12ad AAAA edgedl.me.gvt1.com
  289 796.152002     10.0.2.3 → 10.0.2.16    DNS 117 Standard query response 0x12ad AAAA edgedl.me.gvt1.com AAAA 2600:1900:4110:86f:: OPT
  290 796.152069     10.0.2.3 → 10.0.2.16    DNS 105 Standard query response 0xc5fb A edgedl.me.gvt1.com A 34.104.35.123 OPT
  294 796.272906    10.0.2.16 → 34.104.35.123 HTTP 424 GET /edgedl/release2/chrome_component/adlhr3mtrqs2mbpnk4zv2idcpzoa_9.29.4/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.29.4_all_acdpqrdkqkija6l7iceaxgclpl7q.crx3 HTTP/1.1
  352 796.375180 34.104.35.123 → 10.0.2.16    HTTP 947 HTTP/1.1 200 OK
  382 800.527291    10.0.2.16 → 34.104.35.123 HTTP 449 GET /edgedl/release2/chrome_component/hz46x4rdn6byfqf7vzud3pbxu4_20210915.397610852/obedbbhbpmojnkanicioggnmelmoomoc_20210915.397610852_all_ENUS_jsrfbvved6ksknvu5tc277evju.crx3 HTTP/1.1
 1647 801.103052 34.104.35.123 → 10.0.2.16    HTTP 327 HTTP/1.1 200 OK
 1658 805.152803    10.0.2.16 → 34.104.35.123 HTTP 421 GET /edgedl/release2/chrome_component/acze3h5f67uhtnjsyv6pabzn277q_298/lmelglejhemejginpboagddgdfbepgmp_298_all_ZZ_acnrzvykjh7jlxbgx24na6o5sefq.crx3 HTTP/1.1
 1733 805.230191 34.104.35.123 → 10.0.2.16    HTTP 885 HTTP/1.1 200 OK
 1746 809.820223    10.0.2.16 → 34.104.35.123 HTTP 360 GET /edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE HTTP/1.1
 1754 809.852375 34.104.35.123 → 10.0.2.16    HTTP 535 HTTP/1.1 200 OK
 1767 815.034578    10.0.2.16 → 34.104.35.123 HTTP 416 GET /edgedl/release2/chrome_component/fcxkkdnag7tkwkyv5vvtgjkq2i_45/khaoiebndkojlmppeemjhbpbandiljpe_45_android_khkben4jeoesjdc2ezd5r4erjq.crx3 HTTP/1.1
 1776 815.067578 34.104.35.123 → 10.0.2.16    HTTP 628 HTTP/1.1 200 OK
 1788 820.882649    10.0.2.16 → 34.104.35.123 HTTP 418 GET /edgedl/release2/chrome_component/aclf46dtjq4ghnis6u65oy6bs76a_6871/hfnkpimlhhgieaddgfemjhofmfblmnib_6871_all_lgw657yzokgiuxut6eie5gsfai.crx3 HTTP/1.1
 1824 821.182639 34.104.35.123 → 10.0.2.16    HTTP 1342 HTTP/1.1 200 OK
 1834 827.808704    10.0.2.16 → 34.104.35.123 HTTP 411 GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODZmQUFYS2VOaGowdjdSeVBvWFBSTDIxdw/1.0.0.9_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
 1838 827.842458 34.104.35.123 → 10.0.2.16    HTTP 750 HTTP/1.1 200 OK  (application/x-chrome-extension)
 1852 835.144550    10.0.2.16 → 34.104.35.123 HTTP 418 GET /edgedl/release2/chrome_component/acpxb6khju3o46xpftgvrknpssoa_2701/jflookgnkcckhobaglndicnbbgbonegd_2701_all_lyvnodffjhh7fjzkktjubbatpu.crx3 HTTP/1.1
 1886 835.185289 34.104.35.123 → 10.0.2.16    HTTP 1120 HTTP/1.1 200 OK
 1895 842.954447    10.0.2.16 → 34.104.35.123 HTTP 442 GET /edgedl/release2/chrome_component/ac7q5dqum6qh5ffdaivdodpw7pba_2021.9.13.1142/ggkkehgbnfjpeggfpleeakpidbkibbmn_2021.9.13.1142_android_dklujhgt7zjrt2mycbbqcc7idy.crx3 HTTP/1.1
 1948 843.012845 34.104.35.123 → 10.0.2.16    HTTP 577 HTTP/1.1 200 OK
 1959 851.417288    10.0.2.16 → 34.104.35.123 HTTP 374 GET /edgedl/release2/chrome_component/AJqZYiqGvCtix64S2N84g-M_2020.11.2.164946/EWvH2e-LS80S29cxzuTfRA HTTP/1.1
 2093 851.510204 34.104.35.123 → 10.0.2.16    HTTP 833 HTTP/1.1 200 OK
 2103 860.750948    10.0.2.16 → 34.104.35.123 HTTP 439 GET /edgedl/release2/chrome_component/ccqwc52cyybdcncouijnt6kpaq_2021.8.17.1300/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3 HTTP/1.1
 2122 860.784311 34.104.35.123 → 10.0.2.16    HTTP 594 HTTP/1.1 200 OK
 2134 870.352722    10.0.2.16 → 34.104.35.123 HTTP 359 GET /edgedl/release2/chrome_component/PyPjZbprQRNF5d_TEy7m4A_25/ZkD0EnVPw3pF9Z-UD2AHpA HTTP/1.1
 2211 870.409634 34.104.35.123 → 10.0.2.16    HTTP 752 HTTP/1.1 200 OK
 2221 880.551262    10.0.2.16 → 34.104.35.123 HTTP 363 GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
 2236 880.589428 34.104.35.123 → 10.0.2.16    HTTP 78 HTTP/1.1 200 OK
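
A capture like the one above can be reduced to the hosts and components involved, shown here as an added example that is not part of the original post or of the project's code. It assumes that names under `grapheneos.org` and `grapheneos.network` are the OS's own services (based only on this capture); `summarize` and `FIRST_PARTY` are hypothetical names.

```python
import re

# Excerpt of the capture above (frames 56, 243, 287, 290, 294), embedded so the
# script runs offline.
SAMPLE = """\
   56  70.239821    10.0.2.16 → 10.0.2.3     DNS 96 Standard query 0x6d2c A connectivitycheck.grapheneos.network
  243 794.667914    10.0.2.16 → 10.0.2.3     DNS 81 Standard query 0x05a6 A update.googleapis.com
  287 796.121718    10.0.2.16 → 10.0.2.3     DNS 78 Standard query 0xc5fb A edgedl.me.gvt1.com
  290 796.152069     10.0.2.3 → 10.0.2.16    DNS 105 Standard query response 0xc5fb A edgedl.me.gvt1.com A 34.104.35.123 OPT
  294 796.272906    10.0.2.16 → 34.104.35.123 HTTP 424 GET /edgedl/release2/chrome_component/adlhr3mtrqs2mbpnk4zv2idcpzoa_9.29.4/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.29.4_all_acdpqrdkqkija6l7iceaxgclpl7q.crx3 HTTP/1.1
"""

# Assumption: suffixes treated as first-party, taken from the names in this capture.
FIRST_PARTY = ("grapheneos.org", "grapheneos.network")

FRAME = re.compile(r"^\s*\d+\s+[\d.]+\s+(\S+)\s+→\s+(\S+)\s+(DNS|HTTP)\s+\d+\s+(.*)$")
QUERY = re.compile(r"^Standard query 0x[0-9a-f]+ (?:A|AAAA) (\S+)$")
ANSWER = re.compile(r"^Standard query response 0x[0-9a-f]+ (?:A|AAAA) (\S+) (?:A|AAAA) (\S+)")
GET = re.compile(r"^GET (\S+) HTTP/")
# Chromium extension/component IDs are 32 characters from a-p; the version follows "_".
COMPONENT = re.compile(r"/([a-p]{32})_([0-9.]+)_[^/]*$")

def is_first_party(name):
    # Match on a label boundary so "evilgrapheneos.org" is not accepted.
    return any(name == s or name.endswith("." + s) for s in FIRST_PARTY)

def summarize(capture):
    """Return (unexpected DNS names, [(host, component_id, version), ...])."""
    queried, ip_to_name, downloads = set(), {}, []
    for line in capture.splitlines():
        m = FRAME.match(line)
        if not m:
            continue
        _src, dst, proto, info = m.groups()
        if proto == "DNS":
            if (q := QUERY.match(info)):
                queried.add(q.group(1))
            elif (a := ANSWER.match(info)):
                ip_to_name[a.group(2)] = a.group(1)  # remember which name an IP came from
        elif (g := GET.match(info)):
            host = ip_to_name.get(dst, dst)  # fall back to the raw IP if never resolved
            c = COMPONENT.search(g.group(1))
            if not is_first_party(host):
                downloads.append((host, *(c.groups() if c else (None, None))))
    return sorted(n for n in queried if not is_first_party(n)), downloads

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
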
@realbiz21
Author

Also seen:

23:14:21 HTTP  POST    update.googleapis.com /service/update2/json?cup2key=11:2469282606&cup2hreq=7e670b61343d4e3f6e4f1d9ccca19e14795ca5c4df001ec202724d76c998eb89
23:14:21 HTTP  GET     storage.googleapis.com /update-delta/ggkkehgbnfjpeggfpleeakpidbkibbmn/2021.9.20.1143/2021.9.13.1142/bf5569d764c0c88a96db2a1c63640340a35e1ca0f256b5b6b1a7917c2b918915.crxd
23:14:23 HTTP  POST    update.googleapis.com /service/update2/json

The first POST sends about 13 apps in the JSON body plus some browser and OS info.

@thestinger
Member

This is documented in the FAQ and #62 is already open.

@thestinger
Member

> Is this downloading proprietary Google updates?

They're not proprietary Google updates and it's not clear what you mean by that. GrapheneOS isn't yet hosting the static assets like dictionary updates, certification revocation lists, etc. and we'd need to figure out how to generate/build these separately or just obtain them from the official server in advance and host them ourselves. We'd need to host a component update server. Alternatively, it may be that we don't actually need to update any of this out-of-band. That hasn't been determined. You're welcome to work on it. It would be implemented already if people helped us out with these smaller tasks.

@realbiz21
Author

> They're not proprietary Google updates and it's not clear what you mean by that.

I just didn't know what they were aside from binary blobs downloaded from Google. That's all. I'm no Chromium expert. But #62 has made it clear that the intention is to provide a GrapheneOS component update server, so anything that's not about implementing that is off-topic, even if it's simply documenting unsolicited connections.

I'd love to help with things but I've evaluated GrapheneOS for 2 days now and it sounds like the project wants people more familiar with long-term implementation goals. I'll refrain from logging more issues if I can't help with implementation.
