Network Connections¶
Here is a list of expected network connections for security/verification purposes.
Carrier Services¶Connections to a cellular carrier if/when a SIM is inserted.
- Voice over LTE (VoLTE): An IPsec tunnel for making calls and sending SMS messages.
- Voice over Wi-Fi (VoWiFi): Like VoLTE, but routed over connected Wi-Fi networks. DivestOS does not support VoWiFi due to privacy concerns.
- Multimedia Messaging Service (MMS): Used to send & receive MMS messages such as picture messages or group SMS chats.
- Rich Communication Services (RCS): A modern replacement for SMS & MMS. DivestOS does not support RCS due to it being a fundamentally broken and proprietary replacement.
- Visual VoiceMail (VVM): Used to listen to & manage voicemail messages in the Phone app. Can be disabled: Phone > 3dot > Settings > Voicemail > Visual voicemail.
Domain Name System (DNS)¶Quad9, fallback only, cell/Wi-Fi network or user defined 'Private DNS' overrides, privacy policy
Purpose: Used to resolve domains to IP addresses when making connections to websites and services.
- 9.9.9.9
- 149.112.112.112
- 2620:fe::fe
- 2620:fe::9
Internet Connectivity Checks¶every connection change, can be disabled (14.1+) or changed (18.1+) in Settings
Purpose: Used to determine if a given network interface truly has an Internet connection and if there is a captive portal which needs to be accepted by the user.
Default: Google - privacy policy
- http://connectivitycheck.gstatic.com/generate_204
- https://www.google.com/generate_204
- http://www.google.com/gen_204
- http://play.googleapis.com/generate_204
Optional: DivestOS - privacy policy
- http://divestos.org/generate_204
- https://divestos.org/generate_204
Network Time Protocol (NTP)¶volunteer pool, privacy policy
Purpose: Used to have an accurate system time.
- 2.android.pool.ntp.org
Predicted Satellite Data Service (PSDS)¶
Purpose: Used to speedup the process of acquiring a GPS lock.
Qualcomm devices
- https://{,xtra}path[1-9].izatcloud.net/xtra{,2,3grc}.bin
Broadcom devices such as Samsung Exynos, Google Tensor, and NVIDIA Tegra
- https://gllto.glpals.com/7day/v5/latest/lto2.dat
- https://gllto.glpals.com/rto/v1/latest/rto.dat
- https://gllto.glpals.com/rtistatus4.dat
Secure User Plane Location (SUPL)¶Google, fallback only, carrier/SIM and emergency calls can override, disable by removing `supl` type from selected APN, privacy policy
Purpose: Used to speedup the process of acquiring a GPS lock and to provide your location when placing a call to emergency services.
- tls://supl.google.com:727X
Updater¶default weekly, can be disabled in Settings > Updater, privacy policy
Purpose: Used to check for and download system updates.
- https://divestos.org/updater.php?base=$BASE&device=$DEVICE&inc=$BUILD_ID
- https://divestos.org/mirror.php?base=$BASE&file=$FILE
- https://divestos.org/builds/$BASE/$DEVICE/divested-$VERSION-$DATE-dos-$DEVICE(-$INCREMENTAL).zip
Remote Keystore Provisioning¶Google, modern Pixels only, privacy policy
Purpose: Used by some apps for hardware backed keystore attestation.
- https://remoteprovisioning.googleapis.com
F-Droid Repositories¶default daily, can be disabled in F-Droid > Settings
Purpose: Used to browse, install, and update apps.
- https://f-droid.org/repo/ - privacy policy
- https://divestos.org/fdroid/official/ - privacy policy
- https://divestos.org/fdroid/webview/ - privacy policy
- https://divestos.org/fdroid/unofficial/ - default disabled - privacy policy
- https://guardianproject.info/fdroid/ - default disabled - privacy policy
- https://apt.izzysoft.de/fdroid/ - default disabled - privacy policy
- https://fdroid.bromite.org/fdroid/ - default disabled - privacy policy
Mull¶Mozilla, privacy policy
Mull disables a lot of the typical requests that official/vanilla Firefox makes, however still does depend on various services as noted below.
- https://content-signature-2.cdn.mozilla.net - Used for signing/verification of all other requests.
- https://firefox.settings.services.mozilla.com - Used for altering various browser settings on demand and to apply monkeypatches for critical issues.
- https://firefox-settings-attachments.cdn.mozilla.net - Used for miscellaneous databases.
- https://shavar.services.mozilla.com - Used for Safe Browsing databases.
- https://tracking-protection.cdn.mozilla.net - Used for Enhanced Tracking Protection (ETP) blocklists.
- https://addons.mozilla.org - Used for add-on browsing.
- https://blocked.cdn.mozilla.net - Used for add-on revocation checks and for reporting abusive add-ons.
- https://services.addons.mozilla.org - Used for add-on downloads.
- https://versioncheck.addons.mozilla.org - Used to determine if installed add-ons need updating.
- https://duckduckgo.com - Default search engine - privacy policy - Can be changed via Settings > Search.
- Auto completion for a chosen search engine is performed by default. Can be disabled via Settings > Search > Show search suggestions.
- Online Certificate Status Protocol (OCSP) servers may be queried to determine certificate revocation status when certificate stapling isn't used or to confirm a CRLite match.
Hypatia¶not pre-installed, not automatic, privacy policy
Purpose: Used to download and update malware signature databases.
- https://divested.dev/MalwareScannerSignatures/*.h*b.gz