security – here gps tracking

Good day all.

I have been lured into the world of FOSS apps, apps using known trackers and loggers, DNS and firewalls. My phone is rooted via Magisk. It’s a Huawei P20 lite. Running Havoc 2.9 and Android 9.

So I have started replacing all the Google store apps with known open source apps found on FOSS and F-droid.

Currently I am running RethinkDNS providing Firewall and DNS services. So looking through the resolved queries and the firewall log of RethinkDNS, I found an internal IP (used PCAPdroid for packet capture) on UDP port 53 which resolves to sodium.slp.pos.here.com.

I have read up on HERE’s services, which are location-based tracking for apps using HERE’s SDK. My phone does not have Google App store installed. I used MicroG for a while until I started moving over to other open source apps.

Looking at the packet data, PCAPdroid does a good job of finding the apps which connect to Google’s or other servers for tracking purposes. So then I go ahead and look for an alternative app on the above-mentioned app stores.

Also I used ClassyShark3xodus and found some juicy titbits on trackers/loggers on my phone. Loggers, from what I read up, are not all that bad for app devs (GitHub?).

Currently I have RethinkDNS blocking UDP traffic from unknown apps.

The following is captured via PCAPdroid.

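| IPProto | SrcIP | SrcPort | DstIp | DstPort | Uid | App | Proto | Status | Info | BytesSent | BytesRcvd | PktsSent | PktsRcvd | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 17 | 10.215.173.1 | 39132 | 10.215.173.2 | 53 | 1051 | netd | DNS | Closed | sodium.slp.pos.here.com | 69 | 527 | 1 | 1 | |
| 6 | 10.215.173.1 | 59738 | 3.124.142.17 | 443 | 1021 | GPS | TCP | Closed | | 657 | 120 | 3 | 3 | 1617287557 |
| 17 | 10.215.173.1 | 52141 | 10.215.173.2 | 53 | 1051 | netd | UDP | Closed | | 138 | 0 | 2 | 0 | 1617287634 |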

Also, from what I have read (and please correct me when I am wrong!), this is how netd sends network-related info to other Android services requesting such network traffic.

Currently I am blocking via RethinkDNS all GPS related requests. Now I am not interested in any GPS service. I just want to know where my traffic is heading.

Also I tried Bitwarden to find the origin of these requests to no avail.

Any help or info would be greatly appreciated as I want to learn how all these things connect 🙂
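Added example, not part of the original post: a small Python parser for the three capture rows above that groups flows by UID and app and separates private-range destinations from external ones. It assumes whitespace-separated rows, app names without spaces, a non-numeric Info field that may be missing, and an optional unlabeled trailing number; the function and field names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the capture in the post (whitespace-flattened).
CAPTURE = """\
17 10.215.173.1 39132 10.215.173.2 53 1051 netd DNS Closed sodium.slp.pos.here.com 69 527 1 1
6 10.215.173.1 59738 3.124.142.17 443 1021 GPS TCP Closed 657 120 3 3 1617287557
17 10.215.173.1 52141 10.215.173.2 53 1051 netd UDP Closed 138 0 2 0 1617287634
"""

FIXED = ["ipproto", "src_ip", "src_port", "dst_ip", "dst_port",
         "uid", "app", "proto", "status"]
COUNTERS = ("bytes_sent", "bytes_rcvd", "pkts_sent", "pkts_rcvd")

def parse_row(line):
    tok = line.split()
    row = dict(zip(FIXED, tok[:9]))
    rest = tok[9:]
    # Info is optional: a non-numeric token here is Info, otherwise it is a counter.
    row["info"] = rest.pop(0) if rest and not rest[0].isdigit() else ""
    if len(rest) < 4:
        raise ValueError("truncated row: " + line)
    for key, val in zip(COUNTERS, rest[:4]):
        row[key] = int(val)
    # Some rows carry one extra unlabeled numeric field; keep it verbatim.
    row["extra"] = rest[4] if len(rest) > 4 else None
    for key in ("src_port", "dst_port", "uid"):
        row[key] = int(row[key])
    return row

def summarize(text):
    """Group flows by (uid, app); split destinations into private and external."""
    out = defaultdict(lambda: {"external": set(), "private": set(), "names": set()})
    for line in filter(str.strip, text.splitlines()):
        r = parse_row(line)
        entry = out[(r["uid"], r["app"])]
        private = ipaddress.ip_address(r["dst_ip"]).is_private
        entry["private" if private else "external"].add(
            f'{r["dst_ip"]}:{r["dst_port"]}/{r["proto"]}')
        if r["info"]:
            entry["names"].add(r["info"])
    return dict(out)

if __name__ == "__main__":
    for (uid, app), e in sorted(summarize(CAPTURE).items()):
        print(uid, app, {k: sorted(v) for k, v in e.items()})
```

On these rows the hostname appears only under netd (UID 1051), and the single external destination, 3.124.142.17:443, belongs to UID 1021 (GPS).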