Hi. I'm running a stock AT&T 4.3 firmware, un-rooted.
Over the last few weeks, I've noticed that my battery drain has increased and often my phone will be warm when I'm away from WIFI suggesting that the radio is active. I've also noticed that when I'm not connected to WIFI, the 4G/LTE icon at the top often indicates that there's data activity in progress.
So I set up a sniffer on my firewall to monitor the phone's data traffic when on WIFI. Here's what I found:
Within seconds of enabling WIFI on the phone, it appears that there are a handful of DNS requests. Most are for google apps (mtalk.google.com and a few others). Those are to be expected. Then there are a number of lookups for svc.spd.samsungdm.com which maps to a pair of servers in the amazon cloud.
Immediately following that is a back-and-forth stream of HTTPS traffic to these samsungdm.com servers. I've been monitoring for the last 30 minutes while my phone has sat idle on the table with the screen turned off and this back-and-forth traffic has not stopped.
Google doesn't turn up much info about this domain. I don't think this is related to Google's Android Device Manager (Google's remote wipe/lock app) because A) I don't have that enabled and B) I doubt Google would be using Amazon's cloud servers.
Any ideas what this is and why it's so chatty with its server?
Over the last few weeks, I've noticed that my battery drain has increased and often my phone will be warm when I'm away from WIFI suggesting that the radio is active. I've also noticed that when I'm not connected to WIFI, the 4G/LTE icon at the top often indicates that there's data activity in progress.
So I set up a sniffer on my firewall to monitor the phone's data traffic when on WIFI. Here's what I found:
Within seconds of enabling WIFI on the phone, it appears that there are a handful of DNS requests. Most are for google apps (mtalk.google.com and a few others). Those are to be expected. Then there are a number of lookups for svc.spd.samsungdm.com which maps to a pair of servers in the amazon cloud.
Immediately following that is a back-and-forth stream of HTTPS traffic to these samsungdm.com servers. I've been monitoring for the last 30 minutes while my phone has sat idle on the table with the screen turned off and this back-and-forth traffic has not stopped.
Google doesn't turn up much info about this domain. I don't think this is related to Google's Android Device Manager (Google's remote wipe/lock app) because A) I don't have that enabled and B) I doubt Google would be using Amazon's cloud servers.
Any ideas what this is and why it's so chatty with its server?
Facebook
Twitter
Instagram