I was checking my Pi-Hole and noticed a lone spike of 700+ requests coming from my phone (Android 16) this morning. Upon checking the logs, it's all bogus domains corresponding to package names of apps I have previously installed via the Play Store, but never on this phone.
Going further back in the query log, I realized it also includes the package name of an app I developed years ago but never published on the store, nor on this phone. There's also a whole bunch of my browsing history apparently, domains I haven't visited in years - from the age of some of them I'm pretty sure it's Chrome history, as I only used Firefox sync for a brief period and my local history is <1y.
What the actual fuck? This is a Nothing Phone 3a, updated to Android 16 just a couple of days ago.
I mean no offense, but I think you might be being a tad paranoid on this one. There really isn't much that can be done with a list of sites you've saved credentials for once. If it was your most visited sites, I guess you would maybe be slightly more vulnerable to spear phishing. But just a bulk blast of sites over DNS doesn't really tell anyone anything, it just looks like normal-ish DNS traffic.