Add Alibaba phone-home libs #95

Open
blaueente opened this issue Nov 7, 2020 · 4 comments
Labels
tracker Issue about the tracker database

Comments

@blaueente

While analyzing an app I found that the class
com.alibaba.sdk.android.utils.AMSDevReporter
contains the URL:
http://adash.man.aliyuncs.com:80/man/ap

and the class (the "d" is probably obfuscated)
com.alibaba.sdk.android.httpdns.d
contains the following domain name and IPs:

httpdns-sc.aliyuncs.com
203.107.1.97
203.107.1.100
203.107.1.1

The 1st class is probably some dev/crash-reporter thing, the 2nd class is most likely a DNS-over-HTTP implementation.
Both mean they could potentially submit at least some unwanted data to Alibaba.

@blaueente
Author

Added HTTPDNS to ETIP

@jfoucry

jfoucry commented Dec 9, 2020

Added some comments to ETIP and a new category (DNS Spy)

@pnu-s pnu-s added the tracker Issue about the tracker database label Dec 16, 2020
@pnu-s
Member

pnu-s commented Dec 16, 2020

@blaueente Do we want to add a second ETIP entry for com.alibaba.sdk.android.utils.AMSDevReporter?

@blaueente
Author

Is there an overall established policy? Without really knowing what that class does, I'd suspect it is different from DNS and therefore might warrant a separate entry with a different category.

About the category DNS spy: I think they can use it just for the app's DNS requests, so spying is mostly an additional problem if the app handles other domain names (like in a browser, or in a chat app that processes users' links); if they request only their own services' names, which they access anyway later on, they do not get that much additional data.
One big problem, however, is that this automatically circumvents DNS-based tracker blocking such as that used by Pi-hole, AdAway and hosts.txt.
You'd have to block by IP then.
And, speaking of IPs: I am suspicious of apps directly connecting to hard-coded IP addresses, as that also directly circumvents blocking.
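
The triage discussed in this thread, as an added example that is not part of the original issue or of the project's code: it takes class names and string constants already extracted from an app, matches the two reported classes, and separates hostnames (which a DNS blocklist can cover) from hard-coded public IPs (which need IP-level blocking). The function names, the prefix-matching rule and the two regexes are assumptions of this sketch; dotted version strings such as `1.2.3.4` would also be reported as IPs.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Class names reported in this issue; matching them as prefixes is an assumption.
SIGNATURES = {
    "com.alibaba.sdk.android.httpdns": "HTTPDNS",
    "com.alibaba.sdk.android.utils.AMSDevReporter": "AMSDevReporter",
}
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def match_signatures(class_names):
    """Map signature label -> classes equal to it or nested under it."""
    hits = {}
    for cls in class_names:
        for sig, label in SIGNATURES.items():
            if cls == sig or cls.startswith((sig + ".", sig + "$")):
                hits.setdefault(label, []).append(cls)
    return hits


def public_ips(strings):
    """Public IPv4 literals in string constants; only IP-level rules stop these."""
    found = set()
    for s in strings:
        for cand in IPV4_RE.findall(s):
            try:
                if ipaddress.ip_address(cand).is_global:
                    found.add(cand)
            except ValueError:  # octet out of range, e.g. 999.1.1.1
                pass
    return sorted(found, key=ipaddress.ip_address)


def hostnames(strings):
    """Hostnames from URLs or bare host strings; a DNS blocklist can cover these."""
    found = set()
    for s in strings:
        host = (urlsplit(s).hostname or "") if "://" in s else s
        if HOST_RE.fullmatch(host):
            found.add(host)
    return sorted(found)


# Constructed input: the values quoted in the issue plus decoys.
CLASSES = ["com.alibaba.sdk.android.httpdns.d",
           "com.alibaba.sdk.android.utils.AMSDevReporter", "com.example.app.Main"]
STRINGS = ["http://adash.man.aliyuncs.com:80/man/ap", "httpdns-sc.aliyuncs.com",
           "203.107.1.97", "203.107.1.100", "203.107.1.1", "10.0.0.1", "999.1.1.1"]
```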
