1 yr. ago • 95%

Fairphone 4 is making hundreds of unwanted connections per day, to the same addresses.

So I got Fairphone 4, with /e/ os, a couple of days ago. When I connected it to my NextDNS I saw that it was trying to connect to some weird addresses, like every 5-10 minutes. I searched Internet a bit and found out that it was something with snapdragon cpu and location services. I travel a lot and use Organic Maps for navigation, so location was enabled almost all day on the phone. I turned off location services and connections stopped, and everything was fine for a couple of days.

Today I came home, checked logs in NextDNS and saw that phone started doing the same connections almost constantly even with location turned off.

Can I do something about this, other than allowing these connections? These connections are probably so numerous because they are getting blocked. If I allowed them, phone would maybe call home once in a couple of hours. I would rather not allow them, but I don't want 20% of battery to be eaten by this.

55 comments

I found a few links summarising this:

https://old.reddit.com/r/nextdns/comments/14919dp/randomly_pathnxtracloudnet_is_stopped_getting/jo5n5va/

It's Qualcomm's URL for downloading assisted GPS almanac days

https://teddit.net/r/privacy/comments/12yii9u/comment/jhojlr7/

Graphene OS' relevant documentation: https://grapheneos.org/faq#default-connections

On 4th and 5th generation Pixels (which use a Qualcomm baseband providing cellular, Wi-Fi, Bluetooth and GNSS in separate sandboxes), almanacs are downloaded from https://qualcomm.psds.grapheneos.org/xtra3Mgrbeji.bin which is a cache of Qualcomm's data. Alternatively, the standard servers can be enabled in the Settings app which will use https://path1.xtracloud.net/xtra3Mgrbeji.bin, https://path2.xtracloud.net/xtra3Mgrbeji.bin and https://path3.xtracloud.net/xtra3Mgrbeji.bin. GrapheneOS improves the privacy of Qualcomm PSDS (XTRA) by removing the User-Agent header normally containing an SoC serial number (unique hardware identifier), random ID and information on the phone including manufacturer, brand and model. We also always fetch the most complete XTRA database variant (xtra3Mgrbeji.bin) instead of model/carrier/region dependent variants to avoid leaking a small amount of information based on the database variant.

Note sure if e/OS/ has taken as much care as Graphene has to make the requests more private. Then again, they don't claim to be the most private OS, just De-Googled.

Edit: this is also a good read for further attempts to make your device more private: https://grapheneos.org/faq#other-connections
122
- Android is so troublesome, I am tempted to just install Ubuntu Touch and be done with this.
  
  10
  
  I have a linux phone on the shelf, because in real life I need apps that are only available on android ...
  
  45
  
  Ah, it's just a quirk of e/OS/. Nothing much - and you can run a DNS filter on your mobile to get rid of this problem (Bonus: won't take too much of battery since it'll not be operating a VPN since you're root)!
  
  I haven't heard much about Ubuntu Touch - does it work well?
  
  17
  
  Permanently Deleted
  
  1
- GrapheneOS really is the only Android that should be used. I hope e/OS and others just fork it, add a nicer UI and all.
  
  -1
The Qualcomm chipset is making these requests, most likely for GPS almanac data (satellite positioning).

Older chipsets send these almanac requests to izatcloud.net, unencrypted, containing your IMEI. No idea if newer chipsets have improved things though.

47
- Chipsets don't make network requests. More likely some closed-source platform service does.
  
  5
  
  That really isn't entirely true anymore since the TPM ecosystem came into existence. I can remotely wipe any pc at my company even if it's stolen and reformatted because a hardware chip will phone home the second a compatible os is installed and internet access is available.
  
  14
- How do you deal with this? Or are you using iPhone or something else?
  
  4
  
  I don't ☹️
  
  There is a hidden LocationServices system app from Qualcomm that proxies the communication on some devices - however removing this causes a bootloop from what I've read, and would prevent Android from being able to identify your location even if it didn't cause a bootloop.
  
  I use a Fairphone 3 though with a bunch of Google services in the stock OS disabled, so I've settled for just keeping my location data out of Google's hands
  
  Edit: add info
  
  6
Well, sounds like blocking them is bad: https://gitlab.com/CalyxOS/calyxos/-/issues/370

20
Permanently Deleted

16
- I use gps a lot, I don't think turning it off is an option then, I will just have to allow it and live with this.
  
  6
  
  Permanently Deleted
  
  2
you can get calyx os for it (graphene isn't supported)

9
- Apparently calyx wouldn't help. https://gitlab.com/CalyxOS/calyxos/-/issues/370
  
  4
So fair 😇

0
- I don't really blame fairphone for this. They would probably have to make their own chips, if they wanted control over that. Almost nobody has money for that.
  
  12
  
  Naa that's not something with "snapdragon cpu and location services" it's something with snapdragon + the OS allowing it and most likely profiting from it. Fairphone guys have been petitioned multiples times to open their platform and/or collaborate with projects such as GrapheneOS and CalyxOS so user can have private and secure phones but they don't care.
  
  CalyxOS does support the Fairphone 4 however that's only due to the persistence and reverse engineering efforts of the CalyxOS project / community. If you decide to use it you won't have a secure bootloader anymore due to a bug in Fairphone's firmware that they choose not to fix. That's how "fair" the "Fairphone" really is.
  
  Here is more relevant information for you from here:
  
  XTRA is technology offered by Qualcomm Technologies, Inc. in the US and QT Technologies Ireland Limited in the European Economic Area to improve mobile device performance. XTRA downloads a data file from Qualcomm containing the predicted orbits of the Global Navigation Satellite System (GNSS) satellites. Using the XTRA data file reduces the time the device needs to calculate its location, thus saving time and battery power when using location-based applications. Newer versions of the XTRA software also upload a small amount of data to us. We use the uploaded data for purposes described in this Policy, such as maintaining and improving the quality, security, and integrity of the service. XTRA uploads the following data types: a randomly generated unique ID, the chipset name and serial number, XTRA software version, the mobile country code and network code (allowing identification of country and wireless operator), the type of operating system and version, device make and model, the time since the last boot of the application processor and modem, and a list of our software on the device
  
  Before you say this is the CPU's fault, it isn't, at least on its own. GrapheneOS also deals with this kind of stuff and has patches and options so you can block it.
  
  2
You could try to be less paranoid and less of a pussy

-21
- Oh man, you seem lost. Do you need help? Did you take a wrong turn when looking for c/boobs?
  
  9

You've viewed 55 comments.