Network Connections

Here is a list of expected network connections for security/verification purposes.

Carrier ServicesConnections to a cellular carrier if/when a SIM is inserted.

  • Voice over LTE (VoLTE): An IPsec tunnel for making calls and sending SMS messages.
  • Voice over Wi-Fi (VoWiFi): Like VoLTE, but routed over connected Wi-Fi networks. DivestOS does not support VoWiFi due to privacy concerns.
  • Multimedia Messaging Service (MMS): Used to send & receive MMS messages such as picture messages or group SMS chats.
  • Rich Communication Services (RCS): A modern replacement for SMS & MMS. DivestOS does not support RCS due to it being a fundamentally broken and proprietary replacement.
  • Visual VoiceMail (VVM): Used to listen to & manage voicemail messages in the Phone app. Can be disabled: Phone > 3dot > Settings > Voicemail > Visual voicemail.

Domain Name System (DNS)Quad9, fallback only, cell/Wi-Fi network or user defined 'Private DNS' overrides, privacy policy

Purpose: Used to resolve domains to IP addresses when making connections to websites and services.

  • 9.9.9.9
  • 149.112.112.112
  • 2620:fe::fe
  • 2620:fe::9

Internet Connectivity Checksevery connection change, can be disabled (14.1+) or changed (18.1+) in Settings

Purpose: Used to determine if a given network interface truly has an Internet connection and if there is a captive portal which needs to be accepted by the user.

Default: Google - privacy policy

  • http://connectivitycheck.gstatic.com/generate_204
  • https://www.google.com/generate_204
  • http://www.google.com/gen_204
  • http://play.googleapis.com/generate_204

Optional: DivestOS - privacy policy

  • http://divestos.org/generate_204
  • https://divestos.org/generate_204

Network Time Protocol (NTP)volunteer pool, privacy policy

Purpose: Used to have an accurate system time.

  • 2.android.pool.ntp.org

Predicted Satellite Data Service (PSDS)

Purpose: Used to speedup the process of acquiring a GPS lock.

Qualcomm devices

  • https://{,xtra}path[1-9].izatcloud.net/xtra{,2,3grc}.bin

Broadcom devices such as Samsung Exynos, Google Tensor, and NVIDIA Tegra

  • https://gllto.glpals.com/7day/v5/latest/lto2.dat
  • https://gllto.glpals.com/rto/v1/latest/rto.dat
  • https://gllto.glpals.com/rtistatus4.dat

Secure User Plane Location (SUPL)Google, fallback only, carrier/SIM and emergency calls can override, disable by removing `supl` type from selected APN, privacy policy

Purpose: Used to speedup the process of acquiring a GPS lock and to provide your location when placing a call to emergency services.

  • tls://supl.google.com:727X

Updaterdefault weekly, can be disabled in Settings > Updater, privacy policy

Purpose: Used to check for and download system updates.

  • https://divestos.org/updater.php?base=$BASE&device=$DEVICE&inc=$BUILD_ID
  • https://divestos.org/mirror.php?base=$BASE&file=$FILE
  • https://divestos.org/builds/$BASE/$DEVICE/divested-$VERSION-$DATE-dos-$DEVICE(-$INCREMENTAL).zip

Remote Keystore ProvisioningGoogle, modern Pixels only, privacy policy

Purpose: Used by some apps for hardware backed keystore attestation.

  • https://remoteprovisioning.googleapis.com

F-Droid Repositoriesdefault daily, can be disabled in F-Droid > Settings

Purpose: Used to browse, install, and update apps.

MullMozilla, privacy policy

Mull disables a lot of the typical requests that official/vanilla Firefox makes, however still does depend on various services as noted below.

  • https://content-signature-2.cdn.mozilla.net - Used for signing/verification of all other requests.
  • https://firefox.settings.services.mozilla.com - Used for altering various browser settings on demand and to apply monkeypatches for critical issues.
  • https://firefox-settings-attachments.cdn.mozilla.net - Used for miscellaneous databases.

  • https://shavar.services.mozilla.com - Used for Safe Browsing databases.
  • https://tracking-protection.cdn.mozilla.net - Used for Enhanced Tracking Protection (ETP) blocklists.

  • https://addons.mozilla.org - Used for add-on browsing.
  • https://blocked.cdn.mozilla.net - Used for add-on revocation checks and for reporting abusive add-ons.
  • https://services.addons.mozilla.org - Used for add-on downloads.
  • https://versioncheck.addons.mozilla.org - Used to determine if installed add-ons need updating.

  • https://duckduckgo.com - Default search engine - privacy policy - Can be changed via Settings > Search.
  • Auto completion for a chosen search engine is performed by default. Can be disabled via Settings > Search > Show search suggestions.

  • Online Certificate Status Protocol (OCSP) servers may be queried to determine certificate revocation status when certificate stapling isn't used or to confirm a CRLite match.

Hypatianot pre-installed, not automatic, privacy policy

Purpose: Used to download and update malware signature databases.

  • https://divested.dev/MalwareScannerSignatures/*.h*b.gz