I’m using HaGeZi’s Ultimate DNS Blocklist with AdAway as a base and am now trying to add my own “tweaks”, according to what connections my phone makes.

I set PCAPdroid to automatically start capturing after reboot. Before reboot, I killed as many apps and processes as possible without crashing Android and then cleared system memory. I then rebooted and left the phone untouched for five minutes. The following is a heavily edited excerpt of the resulting pcap file. I removed the source IPs, ports, package sizes and protocols, so that the excerpt only contains the destination hosts and the “issuing” apps/packages.

**Google Play Services**
playatoms-pa.googleapis.com
digitalassetlinks.googleapis.com
www.googleapis.com
mtalk.google.com
android.googleapis.com

**Google Play Store**
play-fe.googleapis.com
play.googleapis.com

**IronFox**
firefox.settings.services.mozilla.com
firefox-settings-attachments.cdn.mozilla.net
content-signature-2.cdn.mozilla.net

**Android**
es11.samsung-sm-ds.com

Here are four screenshots of the PCAPdroid capture, in which you additionally can see the protocols, destination ports, captured times, packet sizes and connection states. Let me know if the Buzzheavier link is broken.

Do you have any insights regarding these hosts? What they do, whether they are necessary for an Android system that still runs on the proprietary Google libraries and Google Play Services or whether they can be blocked? I am already blocking the Play Store with a firewall, so the hosts associated with it might not even be getting through. Unfortunately, my firewall doesn’t come with granular enough control to allow blocking of individual hosts, which I guess I could do with AdAway instead and see what happens. Anyway, lend me your wisdom! :)
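
An added example, not part of the original post: a small Python script that turns a per-app excerpt in the layout shown above into hosts-format lines of the kind AdAway accepts as a custom list, grouped by app and de-duplicated. The function names, the `keep` list and the sample text are assumptions made for this illustration.

```python
import re

# Constructed sample in the post's layout: bold app heading, one host per line.
EXCERPT = """\
**Google Play Store**
play-fe.googleapis.com
play.googleapis.com

**IronFox**
firefox.settings.services.mozilla.com
content-signature-2.cdn.mozilla.net
play.googleapis.com
"""

HEADING = re.compile(r"^\*\*(.+?)\*\*$")
# Dot-separated labels of letters, digits and hyphens, ending in an alphabetic TLD.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_excerpt(text):
    """Return {app: [hosts]} in page order, dropping malformed lines."""
    apps, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADING.match(line)
        if m:
            current = m.group(1)
            apps.setdefault(current, [])
        elif line and current is not None:
            host = line.lower().rstrip(".")
            if HOSTNAME.match(host) and host not in apps[current]:
                apps[current].append(host)
    return apps

def to_hosts_file(apps, keep=()):
    """Hosts-format lines; names in `keep` are left unblocked."""
    keep = {h.lower() for h in keep}
    seen, out = set(), []
    for app, hosts in apps.items():
        out.append(f"# {app}")
        for host in hosts:
            if host not in keep and host not in seen:
                seen.add(host)
                out.append(f"0.0.0.0 {host}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # `keep` here is an arbitrary choice for demonstration.
    print(to_hosts_file(parse_excerpt(EXCERPT), keep={"play.googleapis.com"}))
```

Hosts-format entries match exact names only, so each subdomain seen in a capture needs its own line. Keeping the app name as a comment makes it easy to remove one group again if something breaks.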

  • kyub@discuss.tchncs.de · English · 10 upvotes · 2 days ago (edited)

    Generally, a Samsung phone isn’t great for privacy. Consider getting a Pixel and putting GrapheneOS on it. Much better Android baseline. More secure as well.

    Any connection to Samsung’s servers is likely non-essential, but do check that OS updates work.

    Google Play Services is Google’s main surveillance stack on every commercial Android distribution. It transmits a lot of unique device info to Google, every 20 minutes or so. The minimum data being transmitted is:

    Phone #
    SIM #
    IMEI (world-wide unique device ID)
    S/N of your device
    WIFI MAC address
    Android ID
    Mail Address of your logged in Google account
    IP address
    

    However, this app might be required for Google Play to function. And also for some other apps. So check those dependency issues. In general, you should prefer using open source apps or any apps which don’t have such stupid dependencies. Some apps merely complain when you don’t have the Play Services app running (by displaying a popup) but still work.

    There’s also the issue with Google’s DRM called “Play Integrity”. Some apps use Google’s Play Integrity API to “verify” that the device is an “officially sanctioned Android” and then act like any other Android is “unsafe” and then refuse to work. If you encounter this, be sure to complain to the app developers about this.

    If you need the Google Play store but want to block network access for the Play Services app (which you should do), you should probably use the third-party Aurora store app.

    About the IronFox connections: not sure, but the “firefox-settings” hosts from Mozilla sound related to the Firefox Sync feature which syncs your settings/bookmarks/… with Mozilla. If that’s the case it’s also non-essential and can be blocked.

    • durinn@programming.dev (OP) · 6 upvotes · 2 days ago

      Thank you very much for all the detailed advice! :D

      I didn’t mention it in the OP, but I am not logged in to either a Google or a Samsung account. The only apps I use the Play Store for are USB Audio Player and an electronic ID app that a lot of government-related everyday chores require… If and when my threat model requires me to silo it off, I’ll get a Pixel and bump up my privacy. 😊

      I know this isn’t a degoogle community, but just for reference, these are my apps, which I manage with Obtainium:

      • dreamy@quokk.au · English · 2 upvotes · 1 day ago (edited)

        You can install Aurora Store and use that instead of Play Store. Though be aware that disabling/removing Play Store may cause issues with some apps that require Google Play Services for some reason and those apps don’t have to be completely proprietary for this requirement (Stoat’s mobile app doesn’t launch at all without Play Store for example).

        I would also recommend disabling background connections and running in the background for proprietary apps you install. I’m not sure how you can do this on Samsung but this is how I do it on Xiaomi:
        Running in the background: App info -> Power -> Select “Restrict background apps”
        Background connections: App info -> Network access -> Disable “Background data”