BranchMetrics/android-branch-deep-linking-attribution

DuckDuckGo App Tracking Protection causes Branch Android SDK to fire tens of thousands of requests per hour

Closed this issue · 8 comments

Describe the bug

Privacy-aware users have started to use a new feature of the DuckDuckGo Android browser - a virtual VPN that blocks all tracking requests. When this VPN is active, Branch calls to branch.io fail and the SDK keeps firing more and more requests.

Steps to reproduce

  1. Install an app that uses the Branch Android SDK
  2. Install DuckDuckGo browser
  3. Activate "App Tracking Protection" in DuckDuckGo

Expected behavior

When a Branch request fails, it will wait for a while before firing a new one and not fire over 10k requests per hour.

SDK Version

5.2.6

Make and Model

Samsung Galaxy S21 (but should apply to any device)

OS

13

Additional Information/Context

No response

Hi @mmartinmo,

With the release of 5.2.2 we did implement a default retry cap for no-internet request queues, which VPN-blocked scenarios would fit under.

We do default to 3 retries.

Could you confirm you are on 5.2.6? Could you also try setting the retry max as well (i.e. Branch.setNoConnectionRetryMax(5))?

Thank you,
Justin

Hi @jf-branch,

Yes, I am on 5.2.6, and after adding Branch.getInstance().setRetryCount(5) the situation is the same - the number of blocked attempts in DuckDuckGo stayed really high. But in Logcat only a few POST requests are logged by Branch, so it seems that the "requests" DuckDuckGo is counting are possibly also other API calls - e.g. getting device details, IP and ID. You can try it out, it's really interesting.

That is strange, we will look into it.

Did you have any time to look into the issue? It is still reproducible on io.branch.sdk.android:library:5.2.7

Hey @mmartinmo, we are working on writing up a report on this to evaluate our possible resolutions. Unfortunately, as you know, we are being flagged not because of retries for network requests but for when we use certain Android APIs as well, and that's why we are seeing such high volumes.

Hi @jf-branch, great to hear that the work is in progress!

We encountered this issue as well. Clients can catch the error that is thrown when DuckDuckGo is intercepting tracking attempts (ERR_BRANCH_TASK_TIMEOUT) and then call disableTracking(true) for that Branch session to prevent further attempts. We found it on 5.2.6.

Since calls to the Branch API are blocked by DuckDuckGo, the Branch SDK cannot initialize. However, since default retry limits were introduced, there aren't excessive requests made.
So as long as your app doesn't depend on the Branch SDK's initialization, you shouldn't face any issues besides not receiving requests for this user.
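
The client-side workaround described in the thread (catch ERR_BRANCH_TASK_TIMEOUT, then call disableTracking(true)), sketched as an added example that is not code from the Branch SDK or from any commenter. It assumes the 5.x session-builder init API and `BranchError.getErrorCode()`; `MainActivity` and `TAG` are hypothetical names.

```java
// Added example: one way an app could stop further Branch activity once
// initialization times out because a local tracker-blocking VPN drops the calls.
import android.app.Activity;
import android.util.Log;

import org.json.JSONObject;

import io.branch.referral.Branch;
import io.branch.referral.BranchError;

public class MainActivity extends Activity {          // hypothetical activity
    private static final String TAG = "BranchInit";   // hypothetical log tag

    @Override
    protected void onStart() {
        super.onStart();
        Branch.sessionBuilder(this)
                .withCallback(new Branch.BranchReferralInitListener() {
                    @Override
                    public void onInitFinished(JSONObject referringParams, BranchError error) {
                        if (error == null) {
                            // Normal path: deep-link parameters are available.
                            Log.d(TAG, "Branch init ok: " + referringParams);
                            return;
                        }
                        if (error.getErrorCode() == BranchError.ERR_BRANCH_TASK_TIMEOUT) {
                            // Timeout is the error the thread reports when calls are
                            // intercepted; respect the block and stop tracking attempts.
                            Log.w(TAG, "Branch init timed out, disabling tracking");
                            Branch.getInstance().disableTracking(true);
                        } else {
                            // Other failures are left to the SDK's own retry cap.
                            Log.w(TAG, "Branch init failed: " + error.getMessage());
                        }
                        // Continue app startup without deep-link data in both cases,
                        // so nothing in the app depends on Branch initializing.
                    }
                })
                .withData(getIntent() != null ? getIntent().getData() : null)
                .init();
    }
}
```

A timeout can also come from an ordinary slow network, so an app using this pattern needs its own rule for when to re-enable tracking.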