Network Connections

Here is a list of expected network connections for security/verification purposes.

Carrier ServicesConnections to a cellular carrier if/when a SIM is inserted.

  • Voice over LTE (VoLTE): An IPsec tunnel for making calls and sending SMS messages.
  • Voice over Wi-Fi (VoWiFi): Like VoLTE, but routed over connected Wi-Fi networks. DivestOS does not support VoWiFi due to privacy concerns.
  • Multimedia Messaging Service (MMS): Used to send & receive MMS messages such as picture messages or group SMS chats.
  • Rich Communication Services (RCS): A modern replacement for SMS & MMS. DivestOS does not support RCS due to it being a fundamentally broken and proprietary replacement.
  • Visual VoiceMail (VVM): Used to listen to & manage voicemail messages in the Phone app. Can be disabled: Phone > 3dot > Settings > Voicemail > Visual voicemail.

Domain Name System (DNS)Quad9, fallback only, cell/Wi-Fi network or user defined 'Private DNS' overrides, privacy policy

Purpose: Used to resolve domains to IP addresses when making connections to websites and services.

  • 2620:fe::fe
  • 2620:fe::9

Internet Connectivity Checksevery connection change, can be disabled (14.1+) or changed (18.1+) in Settings

Purpose: Used to determine if a given network interface truly has an Internet connection and if there is a captive portal which needs to be accepted by the user.

Default: Google - privacy policy


Optional: DivestOS - privacy policy


Network Time Protocol (NTP)volunteer pool, privacy policy

Purpose: Used to have an accurate system time.


Predicted Satellite Data Service (PSDS)

Purpose: Used to speedup the process of acquiring a GPS lock.

Qualcomm devices

  • https://{,xtra}path[1-9]{,2,3grc}.bin

Broadcom devices such as Samsung Exynos, Google Tensor, and NVIDIA Tegra


Secure User Plane Location (SUPL)Google, fallback only, carrier/SIM and emergency calls can override, disable by removing `supl` type from selected APN, privacy policy

Purpose: Used to speedup the process of acquiring a GPS lock and to provide your location when placing a call to emergency services.

  • tls://

Updaterdefault weekly, can be disabled in Settings > Updater, privacy policy

Purpose: Used to check for and download system updates.


Remote Keystore ProvisioningGoogle, modern Pixels only, privacy policy

Purpose: Used by some apps for hardware backed keystore attestation.


F-Droid Repositoriesdefault daily, can be disabled in F-Droid > Settings

Purpose: Used to browse, install, and update apps.

MullMozilla, privacy policy

Mull disables a lot of the typical requests that official/vanilla Firefox makes, however still does depend on various services as noted below.

  • - Used for signing/verification of all other requests.
  • - Used for altering various browser settings on demand and to apply monkeypatches for critical issues.
  • - Used for miscellaneous databases.

  • - Used for Safe Browsing databases.
  • - Used for Enhanced Tracking Protection (ETP) blocklists.

  • - Used for add-on browsing.
  • - Used for add-on revocation checks and for reporting abusive add-ons.
  • - Used for add-on downloads.
  • - Used to determine if installed add-ons need updating.

  • - Default search engine - privacy policy - Can be changed via Settings > Search.
  • Auto completion for a chosen search engine is performed by default. Can be disabled via Settings > Search > Show search suggestions.

  • Online Certificate Status Protocol (OCSP) servers may be queried to determine certificate revocation status when certificate stapling isn't used or to confirm a CRLite match.

Hypatianot pre-installed, not automatic, privacy policy

Purpose: Used to download and update malware signature databases.