[Resolved]QUIC protocol filtering control

[Rikus]

Hi, I've recently installed AdGuard and am impressed with how elegant and comprehensive a solution it is.

The filtering log is very useful to get an idea of all the traffic that is normally hidden with interesting little surprises. One of these was the occurrence of occasional QUIC protocol connection attempts that are filtered out. I was intrigued to find that the associated app was listed as "Android OS". Playing with the settings, I found that these connection attempts are always filtered, including if filtering is turned off for Android OS -- or even for all app content.

So far all the QUIC requests I've noticed comes from Android OS. I know that QUIC has been associated with ads in the past and guess that's why it so aggressively filtered, but wondered about the following:

1. From what I read it is a general protocol that Google may be using for other things too. I don't know what the Android OS QUIC requests I've encountered are about, but imagine it could potentially include useful or even vital functionality -- if not today, then tomorrow.

2. I have not been able to find any way to enable QUIC requests. An attempted user filter rule "@@|quic://*$important", does not seem to have any effect.

3. If indeed there is no way for users to enable QUIC, I would please like to request that feature. The great gift of AdGuard is to have control back over my device. This feels like a bit of that control is taken away again. Of course, selectively filtering QUIC requests, as with other protocols, would then also be desirable.

Thanks

 

[Chinaski]

@Rikus
Hello there!

Yes indeed, you are absolutely right. Google pushes through advertising by QUIC so we block it at all levels.
Those. Do you confirm that requests from QUIC in the filter log are displayed as requests from Android OS? That`s interesting
Maybe you managed to find a bug because QUIC requests have normal https fallback.

 

[Rikus]

Thanks for getting back to me. Appreciated.

I've attached a screenshot of the filtering log where it features QUIC connection attempts, as well as a screenshot of the details of one of those entries where it lists Android OS as the origin. This remains the case for all QUIC entries that I've checked so far. This particular example seems to be related to Google Maps, but on other occasions it seemed to happen entirely in the background without obvious connection to any specific user activity.

 

[Chinaski]

@Rikus

Well, in the log - the system service knocked on a QUIC, it did not work out for him and he immediately went over HTTPS!

About the on/off QUIC function. So far this option has not been considered. If this is really needed, developers will definitely pay attention to implementing such a function.

 

[Rikus]

Hi Chinaski,

It did not occur to me to check what IPs the domains listed in the subsequent HTTPS requests resolve to. I did that now and can see that indeed the same IPs as those in the QUIC entries feature.

As long as failed QUIC connections fall back to HTTPS, I don't mind that I can't control QUIC blocking. Thanks for taking the time to explain. You can consider my query resolved.

 

[Semmy7]

Google play store doesn't update apps with quic disabled. Until you manually unblock those quic://[different ipv6 address every time]:443 requests for com.android.vending. Can we fix this issue somehow?

 

[Boo Berry]

The Google Play Store by default shouldn't be filtered by AG for Android. Did you enable filtering for the Google Play Store? If so, you'll probably have to disable filtering for it.

Also, I have no issues with apps updating, but I don't filter the Play Store.