Latest release addresses the privacy issue brought to our attention by NitroKey with Qualcomm SoC devices by stopping xtra-daemon from sending the SoC serial number in the HTTPS User-Agent header:

https://grapheneos.social/@GrapheneOS/110284380098624253

We'll be removing the User-Agent header completely later.

#grapheneos #qualcomm #xtra #psds #privacy

GrapheneOS (@GrapheneOS@grapheneos.social)

GrapheneOS version 2023042900 released: https://grapheneos.org/releases#2023042900. See the linked release notes for a summary of the improvements over the previous release. Forum discussion thread: https://discuss.grapheneos.org/d/4749-grapheneos-version-2023042900-released #grapheneos #privacy #security


@GrapheneOS Why was it doing that in the first place?

Why would someone program that?

@Byte Qualcomm uses XTRA to gather statistics on the devices using their SoC. They use the hardware ID and a random ID to count unique users per device model, etc.
@GrapheneOS Why is that turned on in the first place though? Is xtra-daemon written by Qualcomm or what?
@Byte Yes.
@GrapheneOS I see. Does xtra-daemon do anything useful for GrapheneOS?
@Byte Yes, it retrieves GNSS almanacs via HTTPS GET requests to provide much faster GNSS-based location lock. We document it at https://grapheneos.org/faq#default-connections. 6th/7th generation Pixels (which are the recommended devices) use the open source AOSP PSDS downloader and we provide our own PSDS cache. We're working on doing the same thing for Qualcomm PSDS but it's more difficult due to using xtra-daemon instead of standard AOSP PSDS support. Qualcomm likes doing things their own way...
@GrapheneOS Ah, of course. Maybe in the meantime it could be sandboxed? You know what things it’s *supposed* to access in theory? Or is it a problem of not being able to distinguish between appropriate use and inappropriate use of the network?
@Byte It is sandboxed and always was. That's how we removed access to SoC serial number. We just removed access to it rather than changing the code to stop reading it. We can also still read the code and see what it does but it's too painful to modify the code and maintain that. Removing User-Agent and using our proxy will both be done by hooking the calls it makes into the OS libraries.
@GrapheneOS Makes sense. Thanks for explaining it.