this post was submitted on 19 Apr 2026

25 points (93.1% liked)

Privacy

48775 readers

417 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

Connections made by an idle, rooted Samsung smartphone within the first five minutes after reboot (programming.dev)

submitted 1 month ago by emotional_soup_88@programming.dev to c/privacy@lemmy.ml

7 comments fedilink hide all child comments

I'm using HaGeZi's Ultimate DNS Blocklist with AdAway as a base and am now trying to add my own "tweaks", according to what connections my phone makes.

I set PCAPdroid to automatically start capturing after reboot. Before reboot, I kill-ed as many apps and processes as possible without crashing Android and then cleared system memory. I then rebooted and left the phone untouched for five minutes. The following is a heavily edited excerpt of the resulting pcap file. I removed the source IPs, ports, package sizes and protocols, so that the excerpt only contains the destination hosts and the "issuing" apps/packages.

**Google Play Services**
playatoms-pa.googleapis.com
digitalassetlinks.googleapis.com
www.googleapis.com
mtalk.google.com
android.googleapis.com

**Google Play Store**
play-fe.googleapis.com
play.googleapis.com

**IronFox**
firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net

**Android**
es11.samsung-sm-ds.com

Here are four screenshots of the PCAPdroid capture, in which you additionally can see the protocols, destination ports, captured times, packet sizes and connection states. Let me know if the Buzzheavier link is broken.

Do you have any insights regarding these hosts? What they do, whether they are necessary for an Android system that still runs on the proprietary Google libraries and Google Play Services or whether they can be blocked? I am already blocking the Play Store with a firewall, so the hosts associated with it might not even be getting through. Unfortunately, my firewall doesn't come with granular enough control to allow blocking of individual hosts, which I guess I could do with AdAway instead and see what happens. Anyway, lend me your wisdom! :)

top 7 comments

sorted by: hot top controversial new old

[–] kyub@discuss.tchncs.de 10 points 1 month ago* (last edited 1 month ago) (1 children)

Generally, a Samsung phone isn't great for privacy. Consider getting a Pixel and put GrapheneOS on it. Much better Android baseline. More secure as well.

Any connection to Samsung's servers is likely non-essential, but do check that OS updates work.

Google Play Services is Google's main surveillance stack on every commercial Android distribution. It transmits a lot of unique device info to Google, every 20 minutes or so. The minimum data being transmitted is:

Phone #
SIM #
IMEI (world-wide unique device ID)
S/N of your device
WIFI MAC address
Android ID
Mail Address of your logged in Google account
IP address

However, this app might be required for Google Play to function. And also for some other apps. So check those dependency issues. In general, you should prefer using open source apps or any apps which don't have such stupid dependencies. Some apps merely complain when you don't have the Play Services app running (by displaying a popup) but still work.

There's also the issue with Google's DRM called "Play Integrity". Some apps use Google's Play Integrity API to "verify" that the device is an "officially sanctioned Android" and then act like any other Android is "unsafe" and then refuse to work. If you encounter this, be sure to complain to the app developers about this.

If you need the Google Play store but want to block network access for the Play Services app (which you should do), you should probably use the third-party Aurora store app.

About the Ironfox connections: not sure, but the "firefox-settings" hosts from Mozilla sound related to the Firefox Sync feature which syncs your settings/bookmarks/... with Mozilla. If that's the case it's also non-essential and can be blocked.

[–] emotional_soup_88@programming.dev 7 points 1 month ago (2 children)

Thank you very much for all the detailed advice! :D

I didn't mention it in the OP, but I am not logged in to either a Google or a Samsung account. The only apps I use the Play Store for is USB Audio Player and an electronic ID app that a lot of government related everyday chores require... If and when my threat model requires me to silo it off, I'll get Pixel and bump up my privacy. 😊

I know this isn't a degoogle community, but just for reference, these are my apps, which I manage with Obtainium:

[–] voxel@feddit.uk 4 points 1 month ago* (last edited 1 month ago) (1 children)

I would recommend replacing Openboard with Heliboard, since Openboard isn't actively maintained, while Heliboard is a fork of it and in active development.

https://github.com/HeliBorg/HeliBoard

[–] emotional_soup_88@programming.dev 2 points 1 month ago

Sweet! I'll check it out tonight! :D <3

[–] dreamy@quokk.au 3 points 1 month ago

You can install Aurora Store and use that instead of Play Store. Be aware that disabling/removing Play Store may cause issues with some apps that require Google Play Services for some reason and those apps don't have to be completely proprietary for this requirement (Stoat's mobile app doesn't launch at all without Play Store for example).

I would also recommend disabling background connections and running in the background for proprietary apps you install. I'm not sure how you can do this on a Samsung but this is how I do it on Xiaomi:
Running in the background: App info -> Power -> Select "Restrict background apps"
Background connections: App info -> Network access -> Disable "Background data"

[–] hexagonwin@lemmy.today 6 points 1 month ago* (last edited 1 month ago) (1 children)

i highly recommend using Universal Android Debloater and removing all the useless apps. (just leave the bare minimum necessary for the device to boot properly. Removing something may render the device unbootable and needing a factory reset, so be a bit careful. Disable screen lock while doing this so adb connects right after the device boots, even if systemui crashes or something)

I did this on a OneUI 6, Android 14 device last year and the device basically made no background network requests at all. I no longer have the device with me though..

[–] emotional_soup_88@programming.dev 1 points 1 month ago

Thanks! It's already debloated with UAD-NG. Even some "unsafe" packages with careful experimentation.