Subject: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

Tutorial:
How to use a PC to find (& kill!) a rogue Android activity & its package
(even if it's clever in that it tries to hide its tracks!)

I just wrote this off the cuff, so if you have improvements, let us know.
The whole team learns from each other all this useful tribal knowledge.

Note: In simple terms, an "activity" is a single screen display.
Some are launchable (from outside the app), and most are not.

At any given moment, there is likely one and only one Activity displayed.
Who put it there?

For example, let's say an unknown app pops up an unwanted activity on your phone, where what you want to know is the *name* of that unwanted activity.

Here's the situation that happened to me yesterday which drove this:
a. All of a sudden, a full page of "something" popped up on my phone
b. What is it? Who did it? Where did it come from? Why is it there?
c. I needed to know the current activity & the app that popped it up

But how do you find the "current" activity & app that put it there?
A. The damn screen was all to easy to get rid of
B. But it left no traces of itself in the "recently used" list
C. And when it came up again, it had no "Settings > About"
So you had no idea its provenance as it hid that cleverly.

If you know something about the PC and Android, you can find
the rouge app's name and the offending activity. Here's how...

For Android Q and newer these Linux/cmd/powershell commands will
unambiguously identify the current activity on the Android phone.
$ adb shell dumpsys activity activities | grep "ResumedActivity"

adb shell dumpsys activity activities | findstr /C:"ResumedActivity"

.\adb shell dumpsys activity activities | Select-String -Pattern "ResumedActivity"

For older versions of Android (and most newer versions), use this:
$ adb shell dumpsys window windows | grep -E 'mCurrentFocus|mFocusedApp'

adb shell dumpsys window windows | findstr /C:"mCurrentFocus" /C:"mFocusedApp"

.\adb shell dumpsys window windows | Select-String -Pattern "mCurrentFocus|mFocusedApp"

Try this on Android as an example:
1. Enable USB Debugging on your Android phone (if you haven't already).
2. Connect your phone to your PC via a USB cable.
3. Open the Android Settings app

Now, use adb on a PC to tell you the current activity & the app.

adb shell "dumpsys activity | grep -E 'mCurrentFocus|mFocusedActivity'"

This output, for me:
mCurrentFocus=Window{c8c628b u0 com.android.settings/com.android.settings.Settings}

Note: <com.android.settings> is the package name which contains the activity.
<com.android.settings.Settings> is the full activity name of the screen.

Why is this useful?

Take what happened yesterday, which is an offending activity popped up.
The offending activity was a "news story" with "advertisements".
It had clickable links (and it turns out, the app had "trackers" too).
<https://i.postimg.cc/vTrHTPB2/t-mobile-play.jpg>

But where'd it come from?
My phone never shows ads.

So how did a news story pop up with ads?
Impossible, right?

Ads never show up on Android (if you know how to set up Android).
But it happened.

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

But it could happen anytime to anyone with any other activity.
So you want to know how to find the current activity & the app that put it there.
*Warning: Check your phone for carrier-induced news popups with clickable ads*
<https://www.novabbs.com/computers/article-flat.php?id=59564&group=comp.mobile.android#59564>

For those who may be in the USA who have any of the four carriers that
signed up with "sliide", you might want to check your phone for it.
<com.sliide.content.MainActivity>

Note, you'd "think" you could "deduce" the app from that Activity
to be "com.sliide.content", but they're too sneaky for that to work.

This is perhaps the best single command to use to find that "activity"
(where linux comes first, and then the Windows cmd & powershell).
$ adb shell dumpsys package | grep -B 2 -A 5 "com.sliide.content.MainActivity"

adb shell dumpsys package | findstr /B /C:"com.sliide.content.MainActivity" /S

.\adb shell dumpsys package | Select-String -Pattern "com.sliide.content.MainActivity" -Context 2,5

Just in case the activity has a different name, we can shorten that to:
$ adb shell dumpsys package | grep -B 2 -A 5 "sliide"

adb shell dumpsys package | findstr /B /C:"sliide" /S

.\adb shell dumpsys package | Select-String -Pattern "sliide" -Context 2,5

Just in case you do not have this Android activity, this command below
will find launcher activities on almost every Android device out there.
$ adb shell dumpsys package | grep -B 2 -A 5 "com.android.launcher3.Launcher"

adb shell dumpsys package | findstr /B /C:"com.android.launcher3.Launcher" /S

.\adb shell dumpsys package | Select-String -Pattern "com.android.launcher3.Launcher" -Context 2,5

When you run the commands above, let the rest of the team know if you found Sliide activities. After I deleted the offending package, no more came up.
$ adb shell pm uninstall --user 0 com.tmobile.m1

adb shell pm uninstall --user 0 com.tmobile.m1

.\adb shell pm uninstall --user 0 com.tmobile.m1

I just wrote this off the cuff, so if you have improvements, let us know.
The whole team learns from each other all this useful tribal knowledge.
--
Note I tested with adb not in the path but in the current working directory.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On Thu, 19 Jun 2025 22:23:46 -0000 (UTC), Marion wrote:

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

I take it you bought your phone from your carrier? And that it is also
locked to your carrier?

In much of the world, we are able to buy a phone, and then decide which carrier to use it with. Switching carriers is as easy as switching a SIM.

I just wrote this off the cuff, so if you have improvements, let us
know.

It’s a testament to Android, isn’t it, that you have this much control over what your phone does. Imagine trying to do that on any other
platform.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

On Fri, 20 Jun 2025 00:49:48 -0000 (UTC), Lawrence D'Oliveiro wrote :

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

I take it you bought your phone from your carrier?

I can see where you're going with that, and it might be just T-Mobile, but
bear in mind Sliide has partnered with *four* USA cellular carriers.

There are only essentially three main carriers in the USA, where I have had them all and I have found T-Mobile to be the best, for me for a variety of reasons, not the least of which is they give me everything for free.

I got a free cellular repeater. A free femtocell. Free in-store warranty replacements. Free SIM cards, and a half dozen free cellphones in 2021.

I initially got 3 (actually 5) free Samsung Galaxy A32-5G phones from the carrier (T-Mobile USA) and 1 half-price iPhone 12 in April of 2021.
<https://i.postimg.cc/YC1B906F/tmopromo01.jpg>

The only cost was 10% California sales tax on the imputed MSRP.
There is no contract with T-Mobile USA so I can drop it any time.
<https://i.postimg.cc/Xq5SpS4D/tmopromo02.jpg>

But if I had dropped in the first two years, I'd own the remaining amount
of money for the phone, but I didn't change carriers so it never happened.

And that it is also locked to your carrier?

In the USA, it's my understanding if you own the phone, they
can't lock it, and when I check, it shows it's carrier unlocked.
<https://i.postimg.cc/502mtgQB/networkunlock02.jpg>

However, it was carrier-locked (aka network locked) for two years because
the carrier owns the "free" phone until two years have expired.

They "give you" that "free" phone in monthly increments for 2 years.
That is, you get credited 1/24th the MSRP every month 'till its zeroed.
<https://i.postimg.cc/nhpbcP50/tmopromo04.jpg>

After two years, T-Mobile unilaterally unlocked every single phone.
<https://xdaforums.com/t/did-t-mobile-usa-unilaterally-unlock-your-free-samsung-galaxy-a32-5g-sm-a326u-when-the-2-year-24-months-1-24th-credits-finally-paid-for-the-phone.4589195/>

In much of the world, we are able to buy a phone, and then decide which carrier to use it with. Switching carriers is as easy as switching a SIM.

In the USA, switching carriers is as easy as popping in a new SIM also.

Since there are no contracts with T-Mobile USA, you can switch carriers on
a whim, but the reality is that there are practically only 3 carriers here.

I've had all three over time, where I had Verizon until they pissed me off
so I switched to AT&T until they pissed me off and then I switched to T-mo.

What Verizon did was replace a phone under warranty, but they restarted the contract (this was years ago when contracts were a thing). The fact they restarted the contract pissed me off since all they did was replace a
broken phone - so on principle alone, I switched from Verizon to AT&T.

Then, AT&T wouldn't let me have a "smart" phone without data (this was
years ago when paying for data was a thing) which, after I complained to
the FCC and received a bullshit letter from AT&T VP's, I dropped AT&T.

When I moved to T-Mobile I was happy, where I visit Europe a lot so it's
nice to have free roaming and unlimited data for free and texts for free.

Calls cost 25 cents a minute though, when I'm in Europe, but for most of
the USA, T-Mobile gives everyone unlimited data & unlimited text/mms and unlimited USA calls for "free" when they merged with Sprint around 2020.

I just wrote this off the cuff, so if you have improvements, let us
know.

It's a testament to Android, isn't it, that you have this much control
over what your phone does. Imagine trying to do that on any other
platform.

I agree. With adb, you can pretty much do almost anything you need to do!

Rest assured, I have plenty of devices on that other platform, so I am
quite well aware that it's a dumb terminal that can't do much at all.

What I love about Android is what happened in this case, which was:
a. When I got the phone, I used adb to remove all the bloatware
b. But T-Mobile added one bloatware package on June 4th, 2025
c. Which popped up news articles out of nowhere with clickable links
d. The news article was extremely easy to kill by tapping the [x]
e. And it had a "Settings" gear icon but there was no "About"
f. So I had no idea at first what program was popping it up
g. The next time it happened, I used adb to find the named Activity
h. Once I had the Activity name, I could find the offending program
i. I was shocked that it was T-Mobile who was the offending party!
j. But remember, Sliide has partnered with *four* USA carriers
k. So I suspect it's on Verizon and AT&T phones but I don't know
l. Anyway, with adb, I was easily able to delete the t-mobile app
m. And I can search the entire phone for the offending Activity
n. Which I have determined does not exist in any app on the phone

Try to do *that* with the other platform, which, I might let folks know,
that other platform has an ad-serving engine built into the operating
system which counts your clicks and feeds custom OEM ads back to you.

Even Android doesn't invade your privacy like that other platform does.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-20 02:49, Lawrence D'Oliveiro wrote:

On Thu, 19 Jun 2025 22:23:46 -0000 (UTC), Marion wrote:

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

I take it you bought your phone from your carrier? And that it is also
locked to your carrier?

In much of the world, we are able to buy a phone, and then decide which carrier to use it with. Switching carriers is as easy as switching a SIM.

Still, I believe the SIM card, which is provided by the telecom company,
can install applications. I don't have confirmation of this. I asked
chatgpt and it says "no".

--
Cheers, Carlos.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 20/06/2025 07:49, Marion wrote:

There are only essentially three main carriers in the USA, where I have had them all and I have found T-Mobile to be the best, for me for a variety of reasons, not the least of which is they give me everything for free.

TANSTAAFL!

They'll just Sliide something in now and again. ;-)

If you hadn't seen an ad, how would you have known that "something" had
been uploaded and was running? Anyway, tutorial saved for future
reference, just in case...

--
Jeff

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-20, Carlos E.R. wrote:

On 2025-06-20 02:49, Lawrence D'Oliveiro wrote:

On Thu, 19 Jun 2025 22:23:46 -0000 (UTC), Marion wrote:

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

I take it you bought your phone from your carrier? And that it is also
locked to your carrier?

In much of the world, we are able to buy a phone, and then decide which
carrier to use it with. Switching carriers is as easy as switching a SIM.

Still, I believe the SIM card, which is provided by the telecom company,
can install applications. I don't have confirmation of this. I asked
chatgpt and it says "no".

Nope, it's just the stuff necessary to get you onto the carrier's
network. It can't push new apps into your phone.

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier updates" which certainly can push crap into your phone (even after the lease-to-own period ends).


--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-19 23:23, Marion wrote:

[Big snip]

This belongs in android ngs only, please stop cross-posting everything
android to various Linux and Windows ngs.

--

Fake news kills!

I may be contacted via the contact address given on my website: www.macfh.co.uk


--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-20, Carlos E.R. wrote:

On 2025-06-20 02:49, Lawrence D'Oliveiro wrote:

On Thu, 19 Jun 2025 22:23:46 -0000 (UTC), Marion wrote:

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

I take it you bought your phone from your carrier? And that it is also
locked to your carrier?

In much of the world, we are able to buy a phone, and then decide which
carrier to use it with. Switching carriers is as easy as switching a SIM.

Still, I believe the SIM card, which is provided by the telecom company,
can install applications. I don't have confirmation of this. I asked
chatgpt and it says "no".

Nope, it's just the stuff necessary to get you onto the carrier's
network. It can't push new apps into your phone.

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier updates" which certainly can push crap into your phone (even after the lease-to-own period ends).


--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-20 13:06, Dan Purgert wrote:

On 2025-06-20, Carlos E.R. wrote:

On 2025-06-20 02:49, Lawrence D'Oliveiro wrote:

On Thu, 19 Jun 2025 22:23:46 -0000 (UTC), Marion wrote:

Turns out my carrier sneaked it on there unbeknownst to me.
So I deleted the carrier's app (which deleted the activity).

I take it you bought your phone from your carrier? And that it is also
locked to your carrier?

In much of the world, we are able to buy a phone, and then decide which
carrier to use it with. Switching carriers is as easy as switching a SIM. >>

Still, I believe the SIM card, which is provided by the telecom company,
can install applications. I don't have confirmation of this. I asked
chatgpt and it says "no".

Nope, it's just the stuff necessary to get you onto the carrier's
network. It can't push new apps into your phone.

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier updates" which certainly can push crap into your phone (even after the lease-to-own period ends).

YES. This is what I remember. Fortunately my ISP doesn't seem to push
bad nosy crap- They seem to put their own application for getting
support from them, for instance. I thought it might come from the SIM, somehow, but maybe it is only their support phone numbers to the phonebook.

--
Cheers, Carlos.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

On Fri, 20 Jun 2025 11:09:23 -0000 (UTC), Dan Purgert wrote:

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier updates" which certainly can push crap into your phone (even after the lease-to-own period ends).

I don't think it matters if it is a free phone or not as the carrier is who pushes the updates to the phone so they can include what they want into it.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

On Fri, 20 Jun 2025 10:39:43 +0100, Jeff Layman wrote :

If you hadn't seen an ad, how would you have known that "something" had
been uploaded and was running? Anyway, tutorial saved for future
reference, just in case...

Hi Jeff,

I agree that "most people" wouldn't know how to figure out where it came
from, and, truth be told, I had to *think* how to figure it out once I
realized it didn't show up in my "Recently Used" list nor in "recently installed" nor in my Activity Inspector app. So it was kind of sneaky.

But now that I know what to look for, I can find the activity on any phone. Also I know now that T-Mobile adds back some of the bloat I removed.

So periodically I'll run adb to find all the tmobile bloatware packages. Particularly after a known update of the system by the carrier.

Since this is 95% a Linux/Windows thread (because all the commands are run
on Linux and Windows - that's why) here are the related adb commands:

Linux: $ adb shell pm list packages | grep 'tmobile'

Cmdline: C:> adb shell pm list packages | findstr "tmobile"

PowerShell: PS> ./adb shell pm list packages | Select-String -Pattern 'tmobile'


BTW, it wasn't actually an "ad", per se, it was a "news story" of current
news (perhaps based on my clicks as it was about Israel:Iran where I keep
up intensively on world news in a global political sense), but it was "something" nonetheless that I did not pop up. It came up on its own.

Since it was unexpected, I didn't screenshot it (I wish I had), but it
seems to have come up once a day (or so). The funny thing it was super easy
to get rid of (tap x in the top right) where I would think real malware
isn't that polite. It was also potentially useful too, in that it was
something I certainly would have looked up on my own had I done it.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

W Fri, 20 Jun 2025 20:53:28 +0200, Ivano Rossi napisal:

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier
updates" which certainly can push crap into your phone (even after the
lease-to-own period ends).

I don't think it matters if it is a free phone or not as the carrier is who pushes the updates to the phone so they can include what they want into it.

Also keep in mind any android on the internet is updated every month by
Google for the kernal modules no matter how old the android phone is.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: news.chmurka.net (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-20 21:00, Jan K. wrote:

W Fri, 20 Jun 2025 20:53:28 +0200, Ivano Rossi napisal:

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier
updates" which certainly can push crap into your phone (even after the
lease-to-own period ends).

I don't think it matters if it is a free phone or not as the carrier is who >> pushes the updates to the phone so they can include what they want into it.

Also keep in mind any android on the internet is updated every month by Google for the kernal modules no matter how old the android phone is.

But this kinds of updates are updates by the manufacturer. These can
include apps in the firmware.

--
Cheers, Carlos.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

W Fri, 20 Jun 2025 21:39:33 +0200, Carlos E.R. napisal:

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier >>>> updates" which certainly can push crap into your phone (even after the >>>> lease-to-own period ends).

I don't think it matters if it is a free phone or not as the carrier is who >>> pushes the updates to the phone so they can include what they want into it. >>

Also keep in mind any android on the internet is updated every month by
Google for the kernal modules no matter how old the android phone is.

But this kinds of updates are updates by the manufacturer. These can
include apps in the firmware.

There are many kinds of updates but the only kernal updates which happen
every month to every android phone over the internet (no matter who makes
the phone & no matter who is the carrier) are from google alone https://source.android.com/docs/security/bulletin/asb-overview https://www.androidauthority.com/pixel-phones-kernel-upgrade-march-update-3532360/
although the carrier also does updates when they feel like doing them https://source.android.com/docs/core/connect/carrier

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: news.chmurka.net (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-20 22:34, Jan K. wrote:

W Fri, 20 Jun 2025 21:39:33 +0200, Carlos E.R. napisal:

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier >>>>> updates" which certainly can push crap into your phone (even after the >>>>> lease-to-own period ends).

I don't think it matters if it is a free phone or not as the carrier is who
pushes the updates to the phone so they can include what they want into it.

Also keep in mind any android on the internet is updated every month by
Google for the kernal modules no matter how old the android phone is.

But this kinds of updates are updates by the manufacturer. These can
include apps in the firmware.

There are many kinds of updates but the only kernal updates which happen every month to every android phone over the internet (no matter who makes
the phone & no matter who is the carrier) are from google alone https://source.android.com/docs/security/bulletin/asb-overview https://www.androidauthority.com/pixel-phones-kernel-upgrade-march-update-3532360/
although the carrier also does updates when they feel like doing them https://source.android.com/docs/core/connect/carrier

No. Some years ago I had a Motorola, that had installed (forced)
Facebook and something else, Linkedln perhaps. I removed them, and every
time I got the periodic update from Motorola, they were back.

--
Cheers, Carlos.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On Fri, 20 Jun 2025 12:33:14 +0100, Java Jive wrote:

This belongs in android ngs only ...

But it doesn’t just involve an Android system.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

W Sat, 21 Jun 2025 00:43:25 +0200, Carlos E.R. napisal:

HOWEVER -- the "free(tm)" phones from carriers tend to get the "carrier >>>>>> updates" which certainly can push crap into your phone (even after the >>>>>> lease-to-own period ends).

I don't think it matters if it is a free phone or not as the carrier is who
pushes the updates to the phone so they can include what they want into it.

Also keep in mind any android on the internet is updated every month by >>>> Google for the kernal modules no matter how old the android phone is.

But this kinds of updates are updates by the manufacturer. These can
include apps in the firmware.

There are many kinds of updates but the only kernal updates which happen
every month to every android phone over the internet (no matter who makes
the phone & no matter who is the carrier) are from google alone
https://source.android.com/docs/security/bulletin/asb-overview
https://www.androidauthority.com/pixel-phones-kernel-upgrade-march-update-3532360/
although the carrier also does updates when they feel like doing them
https://source.android.com/docs/core/connect/carrier

No. Some years ago I had a Motorola, that had installed (forced)
Facebook and something else, Linkedln perhaps. I removed them, and every time I got the periodic update from Motorola, they were back.

We agree. There are many kinds of android updates.

Some are from the oem. Some from the carrier. Some from google.
And some from google are security updates. Others are system updates.
And there's even more than that because android gets updated a lot of ways.

Windows and linux also get updated a lot of ways so it's complex
in both the desktop pc platform and the server platform and the phone.

Google play system updates has been updating every android over the
internet if that android phone was released after around 2019 but if your
phone doesn't run android 10 then it's not getting those system updates.

So this process of monthly updates for all android has been going on for a
long time where most phones that are six years old or younger are updated.

Google insists on grouping google play system updates under the broader umbrella of google system services updates in their official help documentation. This link is a changelog but it explains google system
services updates, which is the umbrella term that includes google play
system updates, google play store and google play services. https://support.google.com/product-documentation/answer/14343500

Since there isn't anything from google that doesn't mix all three together
you have to look outside of google to find information about the updates. https://www.howtogeek.com/686927/what-are-google-play-system-updates-on-android-and-are-they-important/
https://www.androidpolice.com/february-google-play-system-update-landing-now/

Even the howtogeek writer gets the google play security updates mixed up
with the google play system updates though so you have to look to reddit to break them apart since both do security updates but they do them different. https://www.reddit.com/r/GooglePixel/comments/evc6jf/security_update_vs_google_play_system_update/

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: news.chmurka.net (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-21 00:46, Lawrence D'Oliveiro wrote:

On Fri, 20 Jun 2025 12:33:14 +0100, Java Jive wrote:

This belongs in android ngs only ...

But it doesn’t just involve an Android system.

But if you don't have an Android phone, it's just noise, so it belongs
in Android groups only. Marion seems to change his/her nym, so making
it difficult to use plonk filters, and keeps unnecessarily cross-posting
like this.

Sometimes cross-posting is justified - I do it sometimes myself when I
think it's justified, particularly when it relates to hardware that
might be used with both Linux & Windows - but here it's not really justified, because a moment's thought shows that it only applies to Android.

--

Fake news kills!

I may be contacted via the contact address given on my website: www.macfh.co.uk


--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: A noiseless patient Spider (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

T24gMjAyNS82LzIwIDIwOjA6MTEsIEphbiBLLiB3cm90ZToNCltdDQo+IEFsc28ga2VlcCBp biBtaW5kIGFueSBhbmRyb2lkIG9uIHRoZSBpbnRlcm5ldCBpcyB1cGRhdGVkIGV2ZXJ5IG1v bnRoIGJ5DQo+IEdvb2dsZSBmb3IgdGhlIGtlcm5hbCBtb2R1bGVzIG5vIG1hdHRlciBob3cg b2xkIHRoZSBhbmRyb2lkIHBob25lIGlzLg0KDQpEaWQgdGhhdCBzdGFydCBhdCBzb21lIHNw ZWNpZmljIHZlcnNpb24gb2YgQW5kcm9pZD8gSSdtIHByZXR0eSBzdXJlIG15IA0KQW5kcm9p ZCA0LjMgLSBpdCB3YXMgYSBEb29nZWUgLSBuZXZlciByZWNlaXZlZCBhIHNpbmdsZSB1cGRh dGUuDQotLSANCkouIFAuIEdpbGxpdmVyLiBVTVJBOiAxOTYwLzwxOTg1IE1CKytHKClBTC1J Uy1DaCsrKHApQXJAVCtIK1NoMCE6YClETkFmDQoADQpnYXppbmcgYXQgc29tZW9uZSBpbiBk aXN0cmVzcyBpcyBwcnVyaWVudCBhbmQgcnVkZS4NCi0gQWxpc29uIEdyYWhhbSwgUlQgMjAx NS82LzIwLTI2DQo=

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: 255 software (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

W Sat, 21 Jun 2025 14:23:03 +0100, J. P. Gilliver napisal:

Also keep in mind any android on the internet is updated every month by
Google for the kernal modules no matter how old the android phone is.

Did that start at some specific version of Android? I'm pretty sure my Android 4.3 - it was a Doogee - never received a single update.

Android 10.

Google did such a good job of updating every android on the internet that
you won't notice the updates every month unless you actually look for them. https://support.google.com/product-documentation/answer/11412553

The monthly updates also include new features but they're mostly bugfixes. https://www.androidheadlines.com/2022/01/google-monthly-changelog-play-system-updates.html

They've been doing this since 2019 and most people didn't even notice. https://www.esper.io/blog/building-a-google-play-system-update-changelog

https://source.android.com/docs/core/ota/modular-system https://support.google.com/product-documentation/answer/14343500 https://9to5google.com/2022/01/10/whats-new-android-google-play-system-updates/ https://www.howtogeek.com/686927/what-are-google-play-system-updates-on-android-and-are-they-important/
https://www.androidpolice.com/february-google-play-system-update-landing-now/ https://www.reddit.com/r/GooglePixel/comments/evc6jf/security_update_vs_google_play_system_update/
https://www.intuneirl.com/why-your-android-device-reboots/

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: news.chmurka.net (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

On Sun, 22 Jun 2025 14:00:24 -0000 (UTC), Jan K. wrote:

Also keep in mind any android on the internet is updated every month by
Google for the kernal modules no matter how old the android phone is.

Did that start at some specific version of Android? I'm pretty sure my
Android 4.3 - it was a Doogee - never received a single update.

Android 10.

The whole process actually started earlier, with Android 8.0 (Oreo).

Treble: Android 8.0 https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html

Mainline: Android 10 https://www.hexnode.com/blogs/android-project-mainline-everything-you-need-to-know/

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: To protect and to server (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

On 2025-06-22 16:00, Jan K. wrote:

W Sat, 21 Jun 2025 14:23:03 +0100, J. P. Gilliver napisal:

Also keep in mind any android on the internet is updated every month by
Google for the kernal modules no matter how old the android phone is.

Did that start at some specific version of Android? I'm pretty sure my
Android 4.3 - it was a Doogee - never received a single update.

Android 10.

Google did such a good job of updating every android on the internet that
you won't notice the updates every month unless you actually look for them. https://support.google.com/product-documentation/answer/11412553

I do notice.

The automatic monthly update requires a reboot to be applied. After a
reboot, I have to enter the PIN to the SIM. As the update and reboot
were automatic, I don't notice them and do not know that the phone is
waiting for the PIN, meaning that the phone is out of service, and I am effectively disconnected from the world.

Clever, ain't it? :-/

So I had to disable automatic updates. Thus I do notice them, when I see
the prompt to reboot at my convenience.


--
Cheers, Carlos.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: ---:- FTN<->UseNet Gate -:--- (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

T24gMjAyNS82LzIyIDE1Ojc6NywgVmljdG9yIHdyb3RlOg0KPiBPbiBTdW4sIDIyIEp1biAy MDI1IDE0OjAwOjI0IC0wMDAwIChVVEMpLCBKYW4gSy4gd3JvdGU6DQo+IA0KPj4+PiBBbHNv IGtlZXAgaW4gbWluZCBhbnkgYW5kcm9pZCBvbiB0aGUgaW50ZXJuZXQgaXMgdXBkYXRlZCBl dmVyeSBtb250aCBieQ0KPj4+PiBHb29nbGUgZm9yIHRoZSBrZXJuYWwgbW9kdWxlcyBubyBt YXR0ZXIgaG93IG9sZCB0aGUgYW5kcm9pZCBwaG9uZSBpcy4NCj4+Pg0KPj4+IERpZCB0aGF0 IHN0YXJ0IGF0IHNvbWUgc3BlY2lmaWMgdmVyc2lvbiBvZiBBbmRyb2lkPyBJJ20gcHJldHR5 IHN1cmUgbXkNCj4+PiBBbmRyb2lkIDQuMyAtIGl0IHdhcyBhIERvb2dlZSAtIG5ldmVyIHJl Y2VpdmVkIGEgc2luZ2xlIHVwZGF0ZS4NCj4+DQo+PiBBbmRyb2lkIDEwLg0KPiANCj4gVGhl IHdob2xlIHByb2Nlc3MgYWN0dWFsbHkgc3RhcnRlZCBlYXJsaWVyLCB3aXRoIEFuZHJvaWQg OC4wIChPcmVvKS4NCj4gDQo+IFRyZWJsZTogQW5kcm9pZCA4LjANCj4gaHR0cHM6Ly9hbmRy b2lkLWRldmVsb3BlcnMuZ29vZ2xlYmxvZy5jb20vMjAxNy8wNS9oZXJlLWNvbWVzLXRyZWJs ZS1tb2R1bGFyLWJhc2UtZm9yLmh0bWwNCj4gDQo+IE1haW5saW5lOiBBbmRyb2lkIDEwDQo+ IGh0dHBzOi8vd3d3LmhleG5vZGUuY29tL2Jsb2dzL2FuZHJvaWQtcHJvamVjdC1tYWlubGlu ZS1ldmVyeXRoaW5nLXlvdS1uZWVkLXRvLWtub3cvDQoNCkRvZXMgdGhhdCBtZWFuLCBzaG91 bGQgSSBldmVyIGJ1eSBhbm90aGVyIEFuZHJvaWQgJ3Bob25lLCBJIG5lZWRuJ3QgDQp3b3Jy eSBhYm91dCBlbnN1cmluZyBpdCdzIGxhdGVyIHRoYW4gMTAgKG9yIHBvc3NpYmx5IDgpLCBh cyBpdCdsbCANCmF1dG9tYXRpY2FsbHkgdXBkYXRlPyAoT2J2aW91c2x5IEknZCBoYXZlIHRv IGNoZWNrIHByb2Nlc3NvciwgbWVtb3J5LCANCmFuZCBzbyBvbi4pIFdoYXQgYXJlIHRoZXkg dXAgdG8gbm93Pw0KDQooQW5kIGhhdmUgdGhleSBzdG9wcGVkIG5hbWluZyB2ZXJzaW9ucyBh ZnRlciBjb25mZWN0aW9uZXJ5PyBJIHRoaW5rIGl0IA0Kd2FzIHNvbWV0aGluZyBsaWtlIHRv ZmZlZS1hcHBsZSB3aGVuIEkgZ290IG1pbmUuKQ0KLS0gDQpKLiBQLiBHaWxsaXZlci4gVU1S QTogMTk2MC88MTk4NSBNQisrRygpQUwtSVMtQ2grKyhwKUFyQFQrSCtTaDAhOmApRE5BZg0K AA0KQSBsaWUgZG9lc24ndCBiZWNvbWUgdHJ1dGgganVzdCBiZWNhdXNlIHBlb3BsZSBiZWxp ZXZlIGl0DQotIGh0dHBzOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9ellvSDg3OTZTRkUN
Cg==

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: 255 software (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

On Sun, 22 Jun 2025 20:50:57 +0100, J. P. Gilliver wrote:

Also keep in mind any android on the internet is updated every month by >>>>> Google for the kernal modules no matter how old the android phone is. >>>>

Did that start at some specific version of Android? I'm pretty sure my >>>> Android 4.3 - it was a Doogee - never received a single update.

Android 10.

The whole process actually started earlier, with Android 8.0 (Oreo).

Treble: Android 8.0
https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html

Mainline: Android 10
https://www.hexnode.com/blogs/android-project-mainline-everything-you-need-to-know/

Does that mean, should I ever buy another Android 'phone, I needn't
worry about ensuring it's later than 10 (or possibly 8), as it'll automatically update? (Obviously I'd have to check processor, memory,
and so on.) What are they up to now?

(And have they stopped naming versions after confectionery? I think it
was something like toffee-apple when I got mine.)

https://www.esper.io/blog/what-is-project-mainline

No. It doesn't mean that the phone is fully and completely updated.
Because there are other components on a phone other than core modules.
Although it does mean dozens of core modules are fully updated monthly.
For any Android 10 and up phone that connects itself to the Internet.
The list of core modules grows appreciably with each Android release.
There are currently about 40 Project Mainline modules updated monthly.
They are the core components that Google updates (not oems or carriers).

And Google stopped the candy naming convention back around Android 10.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: To protect and to server (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

W Sun, 22 Jun 2025 19:41:07 +0200, Carlos E.R. napisal:

Also keep in mind any android on the internet is updated every month by >>>> Google for the kernal modules no matter how old the android phone is.

Did that start at some specific version of Android? I'm pretty sure my
Android 4.3 - it was a Doogee - never received a single update.

Android 10.

Google did such a good job of updating every android on the internet that
you won't notice the updates every month unless you actually look for them. >> https://support.google.com/product-documentation/answer/11412553

I do notice.

The automatic monthly update requires a reboot to be applied. After a reboot, I have to enter the PIN to the SIM. As the update and reboot
were automatic, I don't notice them and do not know that the phone is waiting for the PIN, meaning that the phone is out of service, and I am effectively disconnected from the world.

Clever, ain't it? :-/

So I had to disable automatic updates. Thus I do notice them, when I see
the prompt to reboot at my convenience.

Generally the kernal modules in mainline don't ask for a reboot but some of them do when they deal with low-level system components like the art
runtime, the dns resolver, media frameworks, security libraries and other
core components which are deeply integrated into the operating system.

These reboots are generally much faster than a full Android OS update, especially on devices with a/b seamless updates, because the new components
are already prepared on an inactive partition before the update happens.

However you can't disable google play system updates (mainline updates)
since these aren't updated by the oem or carrier and they're not like
regular packages that you can update manually. Google controls it. Not you.

You probably updated automatic system updates in developer options which
turns off the full android os updates but doesn't affect the kernal updates
of project mainline. Even if you're rooted, you can't turn off the mainline updates so what you're disabling is something else than project mainline.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: news.chmurka.net (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android
activity & its offending package

T24gMjAyNS82LzIzIDE2OjM5OjIyLCBWaWN0b3Igd3JvdGU6DQo+IE9uIFN1biwgMjIgSnVu IDIwMjUgMjA6NTA6NTcgKzAxMDAsIEouIFAuIEdpbGxpdmVyIHdyb3RlOg0KPiANCj4+Pj4+ PiBBbHNvIGtlZXAgaW4gbWluZCBhbnkgYW5kcm9pZCBvbiB0aGUgaW50ZXJuZXQgaXMgdXBk YXRlZCBldmVyeSBtb250aCBieQ0KPj4+Pj4+IEdvb2dsZSBmb3IgdGhlIGtlcm5hbCBtb2R1 bGVzIG5vIG1hdHRlciBob3cgb2xkIHRoZSBhbmRyb2lkIHBob25lIGlzLg0KPj4+Pj4NCj4+ Pj4+IERpZCB0aGF0IHN0YXJ0IGF0IHNvbWUgc3BlY2lmaWMgdmVyc2lvbiBvZiBBbmRyb2lk PyBJJ20gcHJldHR5IHN1cmUgbXkNCj4+Pj4+IEFuZHJvaWQgNC4zIC0gaXQgd2FzIGEgRG9v Z2VlIC0gbmV2ZXIgcmVjZWl2ZWQgYSBzaW5nbGUgdXBkYXRlLg0KPj4+Pg0KPj4+PiBBbmRy b2lkIDEwLg0KPj4+DQo+Pj4gVGhlIHdob2xlIHByb2Nlc3MgYWN0dWFsbHkgc3RhcnRlZCBl YXJsaWVyLCB3aXRoIEFuZHJvaWQgOC4wIChPcmVvKS4NCj4+Pg0KPj4+IFRyZWJsZTogQW5k cm9pZCA4LjANCj4+PiBodHRwczovL2FuZHJvaWQtZGV2ZWxvcGVycy5nb29nbGVibG9nLmNv bS8yMDE3LzA1L2hlcmUtY29tZXMtdHJlYmxlLW1vZHVsYXItYmFzZS1mb3IuaHRtbA0KPj4+ DQo+Pj4gTWFpbmxpbmU6IEFuZHJvaWQgMTANCj4+PiBodHRwczovL3d3dy5oZXhub2RlLmNv bS9ibG9ncy9hbmRyb2lkLXByb2plY3QtbWFpbmxpbmUtZXZlcnl0aGluZy15b3UtbmVlZC10 by1rbm93Lw0KPj4NCj4+IERvZXMgdGhhdCBtZWFuLCBzaG91bGQgSSBldmVyIGJ1eSBhbm90 aGVyIEFuZHJvaWQgJ3Bob25lLCBJIG5lZWRuJ3QNCj4+IHdvcnJ5IGFib3V0IGVuc3VyaW5n IGl0J3MgbGF0ZXIgdGhhbiAxMCAob3IgcG9zc2libHkgOCksIGFzIGl0J2xsDQo+PiBhdXRv bWF0aWNhbGx5IHVwZGF0ZT8gKE9idmlvdXNseSBJJ2QgaGF2ZSB0byBjaGVjayBwcm9jZXNz b3IsIG1lbW9yeSwNCj4+IGFuZCBzbyBvbi4pIFdoYXQgYXJlIHRoZXkgdXAgdG8gbm93Pw0K Pj4NCj4+IChBbmQgaGF2ZSB0aGV5IHN0b3BwZWQgbmFtaW5nIHZlcnNpb25zIGFmdGVyIGNv bmZlY3Rpb25lcnk/IEkgdGhpbmsgaXQNCj4+IHdhcyBzb21ldGhpbmcgbGlrZSB0b2ZmZWUt YXBwbGUgd2hlbiBJIGdvdCBtaW5lLikNCj4gDQo+IGh0dHBzOi8vd3d3LmVzcGVyLmlvL2Js b2cvd2hhdC1pcy1wcm9qZWN0LW1haW5saW5lDQo+IA0KPiBOby4gSXQgZG9lc24ndCBtZWFu IHRoYXQgdGhlIHBob25lIGlzIGZ1bGx5IGFuZCBjb21wbGV0ZWx5IHVwZGF0ZWQuDQo+IEJl Y2F1c2UgdGhlcmUgYXJlIG90aGVyIGNvbXBvbmVudHMgb24gYSBwaG9uZSBvdGhlciB0aGFu IGNvcmUgbW9kdWxlcy4NCg0KU28gd2hhdCB2ZXJzaW9uIG9mIEFuZHJvaWQgX3Nob3VsZF8g SSBnbyBmb3IgKGFzc3VtaW5nIEkgd2VudCBmb3Igb25lIGF0IA0KYWxsKSB0byBiZSByZWFz b25hYmx5IHN1cmUgaXQgd2lsbCB1cGRhdGU/IChBbmQvT3IsIHdoYXQgZWxzZSBzaG91bGQg SSANCmxvb2sgZm9yPykgV2hhdCB2ZXJzaW9uIGFyZSB0aGV5IHVwIHRvIG5vdz8NCg0KPiBB bHRob3VnaCBpdCBkb2VzIG1lYW4gZG96ZW5zIG9mIGNvcmUgbW9kdWxlcyBhcmUgZnVsbHkg dXBkYXRlZCBtb250aGx5Lg0KPiBGb3IgYW55IEFuZHJvaWQgMTAgYW5kIHVwIHBob25lIHRo YXQgY29ubmVjdHMgaXRzZWxmIHRvIHRoZSBJbnRlcm5ldC4NCg0KVGhhdCB3b3VsZCBwcmVz dW1hYmx5IGluY2x1ZGUgY29ubmVjdGlvbiB2aWEgaG9tZSB3aWZpLCByYXRoZXIgdGhhbiB0 aGUgDQptb2JpbGUvY2VsbHVsYXIgbmV0d29yaz8NCg0KPiBUaGUgbGlzdCBvZiBjb3JlIG1v ZHVsZXMgZ3Jvd3MgYXBwcmVjaWFibHkgd2l0aCBlYWNoIEFuZHJvaWQgcmVsZWFzZS4NCj4g VGhlcmUgYXJlIGN1cnJlbnRseSBhYm91dCA0MCBQcm9qZWN0IE1haW5saW5lIG1vZHVsZXMg dXBkYXRlZCBtb250aGx5Lg0KPiBUaGV5IGFyZSB0aGUgY29yZSBjb21wb25lbnRzIHRoYXQg R29vZ2xlIHVwZGF0ZXMgKG5vdCBvZW1zIG9yIGNhcnJpZXJzKS4NCg0KV291bGQsIHNheSwg YW4gb3Zlcm5pZ2h0IGNvbm5lY3Rpb24gdG8gd2lmaSBjb3ZlciA0MCBtb2R1bGVzPyBPciBh cmUgd2UgDQp0YWxraW5nIG1hbnkgZGF5cywgb3Igd2Vla3MsIG9yIGltcHJhY3RpY2FsbHkg bG9uZz8+DQo+IEFuZCBHb29nbGUgc3RvcHBlZCB0aGUgY2FuZHkgbmFtaW5nIGNvbnZlbnRp b24gYmFjayBhcm91bmQgQW5kcm9pZCAxMC4NClRoYW5rcy4gKEFueSBpZGVhIHdoeT8pDQot LSANCkouIFAuIEdpbGxpdmVyLiBVTVJBOiAxOTYwLzwxOTg1IE1CKytHKClBTC1JUy1DaCsr KHApQXJAVCtIK1NoMCE6YClETkFmDQoADQp0cmllZCBjYWxsaW5nIHRoZSB0aW5uaXR1cyBo ZWxwbGluZSAtIG5vIGFuc3dlciwganVzdCBrZXB0IHJpbmdpbmcNCg==

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: 255 software (3:633/280.2@fidonet)

Subject: Re: Tutorial: How to use a PC to find (& kill!) a rogue Android activity & its offending package

On Mon, 23 Jun 2025 23:26:11 +0100, J. P. Gilliver wrote:

No. It doesn't mean that the phone is fully and completely updated.
Because there are other components on a phone other than core modules.

So what version of Android _should_ I go for (assuming I went for one at all) to be reasonably sure it will update? (And/Or, what else should I
look for?) What version are they up to now?

It used to be that Google promised 3-1/2 years of full support to the OEMs
and then the OEMs (and carriers) had the option to promise more than that.

But now with the compartmentalizing of Android, all that has changed.
In addition, EU/UK regulatory agencies are asking for promises, in writing.

The UK made OEMs promise how long their minimum full support will be.

Samsung first promised 7 years for the high end and 6 for the lower end.
Then Google upped their 5 year Pixel promise to match that of Samsung.
Apple kept their promise of only 5 years.

With that in mind I would recommend the lower end Samsung A-Series phones, which are perfectly good phones and most come with normal ports & chargers.

Although it does mean dozens of core modules are fully updated monthly.
For any Android 10 and up phone that connects itself to the Internet.

That would presumably include connection via home wifi, rather than the mobile/cellular network?

It works over the google play services package and can not be disabled.

Doesn't matter how you connect to the Internet although you can set the
phone to not download from the google play services package over cellular.

People do that to save bandwidth costs, not for security reasons.

The list of core modules grows appreciably with each Android release.
There are currently about 40 Project Mainline modules updated monthly.
They are the core components that Google updates (not oems or carriers).

Would, say, an overnight connection to wifi cover 40 modules? Or are we talking many days, or weeks, or impractically long?

Google has a web page where it publishes exactly which of the 40 modules
are updated at any given month. Also there are fewer modules in the older releases. They started with about a dozen and each release they increase
how much is under the control of Google versus under the OEMs & Carriers.

I'm guessing half a dozen modules are updated at any given time but I would have to actually look but it doesn't matter much as its totally seamless.

Rarely the update asks you to reboot as most of the time it's invisible.

And Google stopped the candy naming convention back around Android 10.

Thanks. (Any idea why?)

The news said Google recognized that dessert names, while fun, were not universally understood across different cultures and languages and that
Google wanted its branding to be more straightforward and professional.

While Google no longer uses dessert names publicly, they still use internal codenames based on desserts during the development process. For example, Android 10 was internally codenamed Quince Tart, Android 11 was Red Velvet Cake, Android 12 was Snow ACone, Android 13 was Tiramisu, Android 14 was
Upside Down Cake, Android 15 was Vanilla Ice Cream, Android 16 is Baklava.

I'm going to change the f'up because this thread started with the PC in
mind but it has moved to mostly Android topics so apologies to the OP.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: To protect and to server (3:633/280.2@fidonet)