I’m using HaGeZi’s Ultimate DNS Blocklist with AdAway as a base and am now trying to add my own “tweaks”, according to what connections my phone makes.
I set PCAPdroid to automatically start capturing after reboot. Before reboot, I kill-ed as many apps and processes as possible without crashing Android and then cleared system memory. I then rebooted and left the phone untouched for five minutes. The following is a heavily edited excerpt of the resulting pcap file. I removed the source IPs, ports, package sizes and protocols, so that the excerpt only contains the destination hosts and the “issuing” apps/packages.
**Google Play Services**
playatoms-pa.googleapis.com
digitalassetlinks.googleapis.com
www.googleapis.com
mtalk.google.com
android.googleapis.com
**Google Play Store**
play-fe.googleapis.com
play.googleapis.com
**IronFox**
firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net
**Android**
es11.samsung-sm-ds.com
Here are four screenshots of the PCAPdroid capture, in which you additionally can see the protocols, destination ports, captured times, packet sizes and connection states. Let me know if the Buzzheavier link is broken.
Do you have any insights regarding these hosts? What they do, whether they are necessary for an Android system that still runs on the proprietary Google libraries and Google Play Services or whether they can be blocked? I am already blocking the Play Store with a firewall, so the hosts associated with it might not even be getting through. Unfortunately, my firewall doesn’t come with granular enough control to allow blocking of individual hosts, which I guess I could do with AdAway instead and see what happens. Anyway, lend me your wisdom! :)
Generally, a Samsung phone isn’t great for privacy. Consider getting a Pixel and put GrapheneOS on it. Much better Android baseline. More secure as well.
Any connection to Samsung’s servers is likely non-essential, but do check that OS updates work.
Google Play Services is Google’s main surveillance stack on every commercial Android distribution. It transmits a lot of unique device info to Google, every 20 minutes or so. The minimum data being transmitted is:
Phone # SIM # IMEI (world-wide unique device ID) S/N of your device WIFI MAC address Android ID Mail Address of your logged in Google account IP addressHowever, this app might be required for Google Play to function. And also for some other apps. So check those dependency issues. In general, you should prefer using open source apps or any apps which don’t have such stupid dependencies. Some apps merely complain when you don’t have the Play Services app running (by displaying a popup) but still work.
There’s also the issue with Google’s DRM called “Play Integrity”. Some apps use Google’s Play Integrity API to “verify” that the device is an “officially sanctioned Android” and then act like any other Android is “unsafe” and then refuse to work. If you encounter this, be sure to complain to the app developers about this.
If you need the Google Play store but want to block network access for the Play Services app (which you should do), you should probably use the third-party Aurora store app.
About the Ironfox connections: not sure, but the “firefox-settings” hosts from Mozilla sound related to the Firefox Sync feature which syncs your settings/bookmarks/… with Mozilla. If that’s the case it’s also non-essential and can be blocked.
Thank you very much for all the detailed advice! :D
I didn’t mention it in the OP, but I am not logged in to either a Google or a Samsung account. The only apps I use the Play Store for is USB Audio Player and an electronic ID app that a lot of government related everyday chores require… If and when my threat model requires me to silo it off, I’ll get Pixel and bump up my privacy. 😊
I know this isn’t a degoogle community, but just for reference, these are my apps, which I manage with Obtainium:
I would recommend replacing Openboard with Heliboard, since Openboard isn’t actively maintained, while Heliboard is a fork of it and in active development.
Sweet! I’ll check it out tonight! :D <3
You can install Aurora Store and use that instead of Play Store. Though be aware that disabling/removing Play Store may cause issues with some apps that require Google Play Services for some reason and those apps don’t have to be completely proprietary for this requirement (Stoat’s mobile app doesn’t launch at all without Play Store for example).
I would also recommend disabling background connections and running in the background for proprietary apps you install. I’m not sure how you can do this on Samsung but this is how I do it on Xiaomi:
Running in the background: App info -> Power -> Select “Restrict background apps”
Background connections: App info -> Network access -> Disable “Background data”
i highly recommend using Universal Android Debloater and removing all the useless apps. (just leave the bare minimum necessary for the device to boot properly. Removing something may render the device unbootable and needing a factory reset, so be a bit careful. Disable screen lock while doing this so adb connects right after the device boots, even if systemui crashes or something)
I did this on a OneUI 6, Android 14 device last year and the device basically made no background network requests at all. I no longer have the device with me though…
Thanks! It’s already debloated with UAD-NG. Even some “unsafe” packages with careful experimentation.
