Hello world,
I had a suspicious event on my fully updated Fairphone 5 which led me to check its network behaviour. Running cat /proc/net/udp on adb shell, briefly after establishing the wifi connection, something with UID 1020 opens a UDP connection and closes it a bit later.
I can’t find any app with UID 1020 via ADB or installed app managers.
It’s 1002 for bluetooth, next 1027 for NFC.
What’s 1020?
Regain your privacy! Adopt /e/OS the deGoogled mobile OS and online services
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode ref pointer drops
1087: 00000000:BCC8 00000000:0000 07 00000000:00000000 00:00000000 00000000 1020 0 2121995 2 0000000000000000 0
This is the entry in question.
adb shell pm list packages --uid 1020
returns empty.
just be quick enough when the process is still alive I guess?
with ss you’d get used pid too with root-adb enabled - instead of uid only
WifiCall will do udp things whenever a wifi gets past the connectivity check
Would a user installed app be able to get a UID that low? The others are all 5 digits and higher.
Could UID have been spoofed, so could it have been from a malicious app?
If yes, what paths could I have gotten it from? Because I didn’t install anything weird except from App Lounge or f-droid, and I haven’t granted any suspicious app accesses, especially not any accessibility stuff.
So not sure what was going on. Can’t reproduce after reinstall, unfortunately (or fortunately?).
imo you’re panicking. Extraordinary claim, extraordinary evidence. I guess it’s something in the network facilities of Android, if not baseband
I think I found my answer.
android_filesystem_config.h on Android code search has a list of UIDs for daemons/services (or whatever the best term is) and shows my “missing” UID 1020 to be the **MulticastDNSResponder **.
Cross checks for the 1002 Bluetooth and 1027 NFC which I mentioned above are passed, too.
So I’m happy. And I’ve learned stuff. Learning by panicking, if you will 
#define AID_BLUETOOTH 1002 /* bluetooth subsystem */
#define AID_GRAPHICS 1003 /* graphics devices */
#define AID_INPUT 1004 /* input devices */
#define AID_AUDIO 1005 /* audio devices */
#define AID_CAMERA 1006 /* camera devices */
#define AID_LOG 1007 /* log devices */
#define AID_COMPASS 1008 /* compass device */
#define AID_MOUNT 1009 /* mountd socket */
#define AID_WIFI 1010 /* wifi subsystem */
#define AID_ADB 1011 /* android debug bridge (adbd) */
#define AID_INSTALL 1012 /* group for installing packages */
#define AID_MEDIA 1013 /* mediaserver process */
#define AID_DHCP 1014 /* dhcp client */
#define AID_SDCARD_RW 1015 /* external storage write access */
#define AID_VPN 1016 /* vpn system */
#define AID_KEYSTORE 1017 /* keystore subsystem */
#define AID_USB 1018 /* USB devices */
#define AID_DRM 1019 /* DRM server */
#define AID_MDNSR 1020 /* MulticastDNSResponder (service discovery) */
#define AID_GPS 1021 /* GPS daemon */
#define AID_UNUSED1 1022 /* deprecated, DO NOT USE */
#define AID_MEDIA_RW 1023 /* internal media storage write access */
#define AID_MTP 1024 /* MTP USB driver access */
#define AID_UNUSED2 1025 /* deprecated, DO NOT USE */
#define AID_DRMRPC 1026 /* group for drm rpc */
#define AID_NFC 1027 /* nfc subsystem */
I seem to have gathered that the MultiDNS service is run on demand, so if an app is installed that requests it, it will run, if not, then not. So it’s very plausible that the behaviour I observed is not reproducable on a different phone with other apps, or a freshly installed one, for that matter.
This topic was automatically closed after 30 days. New replies are no longer allowed.