Hi everyone, first of all I just wanna say that this is the first thread I make here, english is not my first language, but I'll try to comunicate as effectvely as possible.
I'm noticing some weird and kinda creepy behaviours with my Yotaphone.
I bought this YotaPhone 3 about two years ago and I succesfully modded it some months ago flashing the Yota 3+ firmware as shown in this guide (no root).
In the last couple weeks I noticed an excessive battery drain, battery life has been cut in half for apparently no reasons, I'm not using my phone more than usual and i couldn t find any reasons relatable to anything I could have done.
Here is what i found out:
I use a Pi-Hole on my home network, a Linux network-level adversitement and Internet tracker blocking application which acts as a DNS sinkhole, that I mainly use to block ads, trackers and souspicious websites. I was occasionally checking out the Pi-Hole control panel, like i do every couple weeks, and this graph showed up:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(Red bars are all queries related to my phone IP address)
There were almost 70 thousand queries from the domain "yotatechnologies.com", continously sent form 12:00 to midnight. As you might know YotaPhone decleared bankrupt last year and is not providing any kind of support anymore, in fact that domain is down and most of these queries ended up with a SERVFAIL replay, cousing multiple retries. But... some of the queries were apparently succesfull and were forwared to my DNS provider (Open DNS).
(the blocked ones, in red, were sent after I blacklisted the domain)
As I investigated more i found out that hundreds of thousands other queries were sent during May.
I downloaded an app to monitor my data usage (Glasswire) and I found a really strict correlation between this last graph and this one, showing the data usage of "android system" during May:
As you can see those spikes in data usage coincide with the spikes in the queries from that domain showed in the previous graph.
This is my battery usage from yesterday during one of those spikes:
I don't know what's happening and I can't give you more informations at the moment about this as I don't know exactly how the Pi-Hole works. For now I blacklisted the domain on my home network, to see if i notice any improvements in battery life during the next days. I would like to know if any other of you has ever issued the same problem (or something similar) and came to any conclusions or solutions.
I'm not assuming it's a conspiracy (yet), I'm way more warried about the unusual battery drain then a possible data stealing. But I would love to know more about it and come to a solution as quickly as possible.
Thanks, I hope this thread will be usefull to others too.
It's kinda normal as it is from a russian company, there are 2 possibilities, or they are stealing your data (which is the most probable one) or sending telemetry stuff.
the first one is more probable because of some russian apps that come in preinstalled, pretty sure there is a hidden system app pushing those requests.
try to debloat it using ADB, if the problem still continues, then root it and block the website using the hosts file.
Or it maybe be a compromised, corrupted or poorly written app.
Whatever it is, it's got to go.
Did you disable the auto update check? System -> Updater -> upper right 3 dots -> Preferences -> Auto update check.
Yotafreak said:
Did you disable the auto update check? System -> Updater -> upper right 3 dots -> Preferences -> Auto update check.
Click to expand...
Click to collapse
Yes, that's the first thing i did, but nothing changed
Related
My apologies if this is a repost but I came across this yesterday and thought people here might be interested. Anyone that has ever been confused by the way Android multitasks (let's be honest, we all have) should read this.
http://android-developers.blogspot.com/2010/04/multitasking-android-way.html
Interesting. And the author certainly has a cool last name.
Definitely a good read. Thanks.
I'm still TOTALLY confused between what a process vs service is and how everything works together. what's the difference between an app I just sent to the background vs its associated service or process? are they one and the same?
RogerPodacter said:
I'm still TOTALLY confused between what a process vs service is and how everything works together. what's the difference between an app I just sent to the background vs its associated service or process? are they one and the same?
Click to expand...
Click to collapse
A process is any task that the CPU has to perform. For example, say you open a text file. That's a process. Once the file is opened, the process is done.
A service is a long-running task, often launched by a process. More specifically, services are A) for tasks need to run in the background, B) usually for long-periods of time (or indefinitely), and C) most importantly, independent of user-input. Instead, services usually respond to changes in the system (ie Battery Indicator, see below), or periodically checking the internet for something.
- For example, the Battery Indicator app, which puts the battery percentage in the status bar (see picture below). Whenever the battery changes in the system, the Battery Indicator service is alerted, and the percentage in the status bar is changed.
- Another example is the Google Talk service, which is running whether or not you launched the app. That's because it needs to stay open in case someone messages you.
Without services, nothing could run in the background for long periods of time. For example, without the Google Talk service, if you wanted to receive a message, you'd have to have the app open and in the foreground 24/7. Once you opened another app, you'd go offline. (coughiPhonecoughcough )
You can view your services in Settings -> Applications (on Sense UI anyway).
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Very informative, thanks for that.
Excellent blog post! Thanks!
This would definitely seem to support the "No task killer" philosophy.
Good stuff to see...thanks
aujbman said:
This would definitely seem to support the "No task killer" philosophy.
Click to expand...
Click to collapse
I wish I could agree with that but without some type of task manager, my N1 does not run smooth at all. =\
I am running a recent CM11 nightly on my Nexus 4. I have recently noticed some suspicious behavior. First, I installed a guitar tuner that I use a lot (gStrings) which would not start because it said the Microphone was being used by another app. This persisted through several reboots. I chalked it up to a bug with CM or and incompatibility with the latest Android and forgot about it.
Then, last night my prepaid balance lapsed and immediately I started receiving messages saying "Your MMS message could not be delivered. Insufficient prepaid balance." The problem is that I very rarely send MMS and I certainly haven't sent any in recent memory.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
It could be a fluke, and the two above things may not be related, but it was enough to make me want to investigate further. I am planning on flashing back to stock just to be safe, but first I'd like some help tracking down whether or not there is an issue here or enough to believe my phone has been compromised somehow.
First I checked my logcat and noticed a few suspicious things:
I see several cancelNotification messages from MMS:App and several composemessageactivity calls from PackageManager. Here are a few from a time I wasn't sending any messages at all:
Code:
12-22 13:47:28.333 I/PackageManager(685): Adding preferred activity ComponentInfo{com.android.mms/com.android.mms.ui.ComposeMessageActivity} for user 0 :
12-22 13:47:28.373 I/PackageManager(685): Scheme: "mms"
12-22 13:47:28.373 I/PackageManager(685): Adding preferred activity ComponentInfo{com.android.mms/com.android.mms.ui.ComposeMessageActivity} for user 0 :
12-22 13:47:28.454 I/PackageManager(685): Scheme: "mmsto"
12-22 13:47:28.454 I/PackageManager(685): Adding preferred activity ComponentInfo
I also see calls to an MMS notification sound that I've never heard before. I also don't know what AwesomePlayer is (something built in to Android?):
Code:
12-22 15:39:34.304 D/AwesomePlayer(208): printFileName fd(44) -> /system/media/audio/notifications/F1_New_MMS.ogg
I pulled my mmssms.db from the phone and looked through it and didn't see anything that jumped out at me, but I admit I don't really know what I'm looking at.
Next I checked what apps have permissions for sending messages and didn't notice anything unusual. Google Voice and Twitter are the only user apps listed with access when I checked with xPrivacy (xPosed plugin). F-Secure App Permissions also show Twist, Google Search, Hangouts, and Google Play. But it looks like from the logcat the stock mms app is being called, so maybe something malicious wouldn't show up here?
I have not installed any apps I would consider "shady" and have never touched any pirated apps, but I do have a few installed from outside the play market. These are:
AdAway
dSploit
xPosed Installer
xPrivacy (xposed plugin)
Here is a complete list of apps installed on my device: http://snippi.com/s/uh08y66
I downloaded Webroot and AVG antivirus and ran scans. AVG flagged dSploit as a "potentially unwanted program" and warned that my device is rooted and I have 3rd party app installs allowed.
Is the above evidence enough to believe my phone is compromised or is there another possible explanation for the MMS activity? Like does T-Mobile maybe use some component of MMS to keep in communication with towers, etc?
Any ideas what else I can look at to try to get to the bottom of this before I flash back to stock?
You that reddit guy form /r/android ?
My adivce. FULL CLEAN WIPE.
flash a stock 4.4.2 image.
Qwerty123 \m/ said:
You that reddit guy form /r/android ?
My adivce. FULL CLEAN WIPE.
flash a stock 4.4.2 image.
Click to expand...
Click to collapse
Yea same guy. I'm definitely going to wipe it. The reason I installed CM11 in the first place is because I was getting interested and trying to learn more about security - so I was hoping that I could gather a little more data on this and see if I could figure where I went wrong. I guess the lesson is the same one at the beginning of every spy movie: don't trust anyone. Especially the guy who says that to you.
get droidwall, firewall to block apps that don't or shouldn't access the net, I did this to block dolphin browser using my data when I wasn't aware, some apps send yourself txts, you notice this when receiving them in flight mode.
perhaps restore to an earlier backup.
I thought xposed framework had security flaws unless they fixed that, one reason why I never tried
Don't you agree to c.m statistics when you flash C.M roms now if so it collects data and has to be sent some how.
Never looked into it myself and haven't run a c.m rom for a while but it's worth looking at.
Sent from my Nexus 4 using Tapatalk
Hi All
For the last week or so my S5 has been draining it's battery really quickly.
Having looked on GSam battery Monitor I can see that most of the usage is App Usage and of this the bulk of the usage is from Google Play Services. Looking deeper the culprit seems to be a wakelock from: *sync*/com.google.gms.auth.api.credentials/com/google/eM_ADDR
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As you can see in the pictures in a mere 36 1/2 minutes it's thrown up 10,000 wakelock requests, which seems little (hugely) on the high side!!
I've tried googling this and not had much luck finding anything which might help.
One thing I have noticed is if I go into settings>Accounts when I go to my Google account, I get the name of the account and it shows that it's syncing but unlike usual when it syncs quickly, it remains saying syncing and basically hangs and none of the buttons or options etc react. I'm guessing this is at the root of the issue but I'm at a loss as to what I can do to sort it out.
Has anyone experienced this in the past or have any thoughts how I might fix the issue?
Additional info:
Model: SM-G900F
Android Version: 4.4.2
Kernel version: 3.4.0-2089850
Build Number: KOT49H-G900FXXU1ANG2
Oh and it's rooted.
I had a bit of a play yesterday evening and discovered that if I went into data usage and switched off autosync, then switched off wifi and mobile internet and the turned auto datasync back on, I could go into the account setting and actually get into the area for my google account and enable and disable syncing of various items (Drive, Docs, news, weather, gmail etc etc).
After a fair bit of testing of one item at a time, it seems the problem is with my gmail account (or at least it definitely occurs when I select for my gmail to sync). As soon I selected this and renabled my wifi, when I went into accounts and selected the google account it constantly showed as syncing, at no point saying "last synced" as it had with some of the others I tried.
Obviously I want it to be syncing my gmail so I get emails without having to manually check my emails all the time. I've had a bit of a search about but not managed to find anything much (or at least anything much that is less than about 3 years old!) Has anyone else had this issue and fixed it?
As the title states for some reason. Wi-Fi is constantly running.
No idea how or why. Nothing is enabled. Wi-Fi calling is also off.
Thank you in advance!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent from my LG-H918 using Tapatalk
Better battery stats....... Is that a 3rd party app?
Could be that that battery app is miss reading something and giving you false information based on your other screen shots.
@shwnr11
That could be it. Better Battery Stats is a well known XDA application made by a member here named chamonix.
It is free for us XDA members but it is also a Paid application on the PlayStore.
I'll read up on his thread to see if he can point me into the right direction.
I wanted to come on here first to see if anyone else with a V20 is using this application and having the same problem.
I recently rooted my phone and at first I did not use a Custom Rom like (Overdrive, Etc.) and I ran into the same problem where the stats are showing Wi-Fi constantly running. I thought I may have deleted or frozen something using TitaniumBackup and I just could not figure it out at all and decided to go ahead and try the Overdrive Custom Rom to see if was something I did.
And of course after setting up my phone BetterBatteryStats is showing Wi-Fi is constanly running again...even on a clean install of a Custom Rom. It is not "On" because that is labeled as something else within the stats and it does not seem to be draining battery even though it shows "100%" battery usage. I am still achieving at the end of the day "1.0%" drain every hour.
But I appreciate you commenting and not just "Viewing" like the other 100 or less viewers have.
I still have no idea what would cause this type of battery usage with the Wi-Fi.
I decided to go ahead and do a fresh clean install of OverDrive's Custom Rom. I have not loaded any of my apps from Titanium Backup but Better Battery Stats.
After 2 hours now BBStats does not show this type of battery usage anymore.
So I am even more puzzled now. It may be that I deleted an app or apk or frozen something that requires Wi-Fi to behave properly.
Is there a list of aps or apks that we can safely remove or freeze?
G1Master said:
I still have no idea what would cause this type of battery usage with the Wi-Fi.
I decided to go ahead and do a fresh clean install of OverDrive's Custom Rom. I have not loaded any of my apps from Titanium Backup but Better Battery Stats.
After 2 hours now BBStats does not show this type of battery usage anymore.
So I am even more puzzled now. It may be that I deleted an app or apk or frozen something that requires Wi-Fi to behave properly.
Is there a list of aps or apks that we can safely remove or freeze?
Click to expand...
Click to collapse
Check in developer options and make sure allow WiFi room scans is turned off, when on it sends your location data to Google even when you turn WiFi off.
wifi
Common sense isn't all that common
@ZDeuce2
That was the first place I thought to look because I remember that being an issue with the Nexus 6 but unfortunately it was already disabled.
But I believe it may have been something I deleted or froze because I went ahead restored all of my apps one by one that I had prior just to see if it was an app of mine and I did not delete or freeze or anything this time around and Wi-Fi is not showing any usage at all with the BBStats app.
Yea I am puzzled but I am a happy camper now. BBStats is showing a solid "0.2%" battery usage every hour! Getting awesome battery life now.
Thank you though good sir for the comment.
First thing I noticed on my T-Mobile Stock Note 4 Running 6.0.1 was that the "Flashlight" and "MobileHotspot" Quick Settings Tiles were removed. Now I've already gone through other threads and found an app that allowed me to restore them.
Their respective names are TorchLight and WiFiHotspot.
Now I'm not sure what to exactly call these besides sysui_qs_tiles, but I've found several other tiles that work on my Note 4. Namely SmartScroll, AirView, and AirGesture.
Is there a list out there that has all possible Quick Setting Tiles for android 6.0? I was surprised to find that Smart Scroll was still available in android 6.0 on the Note 4, it does not even show up within my settings and yet this Quick Setting Tile lets me activate it. I'm curious as to what other tiles are hidden but compatible with the Note 4.
Here is my current Quick Setting Item's:
Code:
Wifi;MobileData;SilentMode;AutoRotate;TorchLight;Bluetooth;Location;PowerSaving;PersonalMode;WiFiHotspot;WifiCalling;NetworkBooster;UltraPowerSaving;MultiWindow;AirplaneMode;AllShareCast;Nfc;SideKey;Sync;SmartStay;DormantMode;CarMode;TouchSensitivity;AirView;AirGesture;SmartScroll;
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
I will update this thread if I find any more.
Great post
It is a lot harder than I thought it would be to get a list like this. I asked 2 people to click the google play link, install Settings Database editor in an instant, click open, select secure table menu top right and scroll to sysui and copy the long list of words. Ended up spending more time than it would take trying to get something so easy... and with no way of having them screw anything up.... ADB will never exist in their reality. I should know bettter. Anyway I am in the middle of discussions between samsung and VMC as to why I receive a notification that my phone supports wifi calling, how I signed up for it via a shortcut app and am fully registered, how is it possible to simply choose to not allow thousands of your customers this feature simply because we won't waste money on a new phone? Nothing to do with monthlly package.... yeah this is happening to a lot of people....
so here are mine. The last 2 I tried to add hoping to make a toggle. no go. I am scheduled for a call tomorrow from a non virgin employee. Probably they can enable it as an individual entry and the call center doesn't have the feature to enable the feature no A5 user is worthy of. Not until thousands more start calling.
Is it possible that Samsung is fed up with carriers dictating how their device operates, spread millions of A5's and lit a fire? I mean, technically every single A5 owner in Canada gets a big pop up saying they have this feature and the carrier must either allow it, or admit they cripple your device as punishment for not getting one you don't even need. I put my tiles in and the screenshot that could change a lot very soon as more people figure out what's going on here. It is one thing for a device to become obsolete, but when it is flat out stolen, Samsung sure did let us know who it was without saying it at all. They all suck anyway.
xda has already saved 2 of my friends hundreds of dollars and myself.... same with current phone usage. No carrier or manufacturer can do that. It's like hating your wife.
My tiles: (pics in panel and other 2 from wifi a5 fiasco)
Wifi,MobileData,Location,Flashlight,Bluetooth,RotationLock,SoundMode,custom(com.samsung.android.smartmirroring/.tile.SmartMirroringTile),custom(com.android.settings/com.samsung.android.settings.qstile.SecAccountTiles),custom(com.samsung.android.app.aodservice/.settings.AODTileService),custom(com.google.android.gms/.nearby.discovery.ui.DiscoveryTileService),custom(com.pranavpandey.rotation/.service.RotationTileService),custom(com.android.nfc/com.samsung.android.nfc.quicktile.NfcTile),custom(projekt.substratum/.services.tiles.SubstratumTile),custom(com.samsung.android.oneconnect/.external.DeviceVisibilityTile),custom(com.android.settings/com.samsung.android.settings.qstile.PowerSavingTile),BlueLightFilter,AirplaneMode,Hotspot,Dnd,WorkMode,WifiHotspot,WifiCalling,NetworkBooster
Interesting but using that app it seems the toggles which are added arent permanent. As soon as you untoggle them the whole quick panel collapses, and if you open up the stock editor they are deleted.