problem with GSM towers

[sibrat]

rooted stock Android 7, sony F5121, app version 1.0.2 from f-droid

After some test run (about 50 km) i found that GSM location doesnt work properly. In application database i found only one row related to GSM with strange 'rfID' = 'GSM/2147483647/2147483647/2147483647/2147483647' and absurdly large raduis 18190.615234375. If it can help there is (minimum) 4 cells with this cell id (2147483647) in my area: 25099_15401_2147483647, 25099_15402_2147483647, 25099_41130_2147483647 and 25099_41129_2147483647.

[n76]

What information about the current cell tower(s) your phone sees is shown by an app like SatStat?

Stock Android 7? My phones don't properly support the newer getAllCellInfo() API call with with a stock ROM that might be fully implemented. So the error is likely in the code for handling the results of the getAllCellInfo() call which is not as well tested. Depending on what SatStat reports, I may have to give you a debug build with some logging enabled to determine what is happening.

[sibrat]

What information about the current cell tower(s) your phone sees is shown by an app like SatStat?

screenshot

SatStat, mozilla stumbler, wigle experience no problems accessing current cell info.

Stock Android 7?

yes, rooted stock 7.0 without gapps

[sibrat]

i experimented a bit more and found minor bug: after using standart "clear data" feature application crashes and fails to start. Only disabling and enabling back in UnifiedNlp fixes that. Right after that application db filled with available wifi data, but no GSM entries so far. Also i suspect that application able obtain cell data only if two cell id reported by api simultaniosly. In many (if not most) phones that possible only duiring process of changing active cell.

[n76]

I'll try to reproduce the crash when data is cleared through the system settings tomorrow morning (late here now). With respect to the tower issue, if I were to get you a debug build with some logging enabled could you run that and post the logged data?

[sibrat]

With respect to the tower issue, if I were to get you a debug build with some logging enabled could you run that and post the logged data?

Sure

[sibrat]

update: app work normal if there is 2G cells. so problem only with 3G cell ids which are 28 bit long.

[n76]

Looks like the crash when you clear data using system settings is because the permissions it needs are also reset. That is fixed in v1.0.4 but it looks like F-Droid is only up to v1.0.2.

I've made a special build of the current 1.0.4 which has some additional logging to indicate which API it got the mobile/cell tower information from and, I hope, some indication of what is going wrong interpreting the information. adb logcat | grep DejaVu should get the lines I'd like to see.

[sibrat]

OK. since log contains quite sensitive information i cut intresting parts only. start on 2G...

12-23 08:20:13.212 12263 12283 D DejaVu Backend: onOpen() entry.
12-23 08:20:13.223 12263 12263 D DejaVu GpsMonitor: onCreate()
12-23 08:20:13.230 12263 12263 D DejaVu GpsMonitor: GpsMonitor onBind() entry.
12-23 08:20:13.232 12263 12263 D DejaVu Backend: mConnection.onServiceConnected()
12-23 08:20:13.242 12263 12263 D DejaVu Backend: onClose()
12-23 08:20:13.244 12263 12263 D DejaVu Cache: clear() - entry
12-23 08:20:13.245 12263 12263 D DejaVu GpsMonitor: onDestroy()
12-23 08:20:13.249 12263 12299 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 7records.
12-23 08:20:13.250 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=YES mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ #### correct cell id##### } CellSignalStrengthGsm: ss=17 ber=99 mTa=2147483647}
12-23 08:20:13.251 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ #### correct cell id#####} CellSignalStrengthGsm: ss=14 ber=99 mTa=2147483647}
12-23 08:20:13.251 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ #### correct cell id#####} CellSignalStrengthGsm: ss=24 ber=99 mTa=2147483647}
12-23 08:20:13.251 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ #### correct cell id#####} CellSignalStrengthGsm: ss=14 ber=99 mTa=2147483647}
12-23 08:20:13.251 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ #### correct cell id#####} CellSignalStrengthGsm: ss=11 ber=99 mTa=2147483647}
12-23 08:20:13.251 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ #### correct cell id#####} CellSignalStrengthGsm: ss=16 ber=99 mTa=2147483647}
12-23 08:20:13.251 12263 12299 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=28512754213601ns CellIdentityGsm:{ ####correct cell id#####} CellSignalStrengthGsm: ss=17 ber=99 mTa=2147483647}
12-23 08:21:13.204 12263 12283 D DejaVu Backend: scanAllSensors() - emitterCache is null?!?
12-23 08:22:13.237 12263 12297 D DejaVu Backend: scanAllSensors() - emitterCache is null?!?

that line repeats many times. here i switched 2G to 3G and since nothing happens disabled and reenabled app in UnifiedNlp:

12-23 08:45:13.243 12263 12297 D DejaVu Backend: scanAllSensors() - emitterCache is null?!?
12-23 08:46:13.223 12263 12282 D DejaVu Backend: scanAllSensors() - emitterCache is null?!?
12-23 08:46:43.260 12263 12297 D DejaVu Backend: onOpen() entry.
12-23 08:46:43.267 12263 12263 D DejaVu GpsMonitor: onCreate()
12-23 08:46:43.270 12263 12263 D DejaVu GpsMonitor: GpsMonitor onBind() entry.
12-23 08:46:43.276 12263 12263 D DejaVu Backend: mConnection.onServiceConnected()
12-23 08:46:43.280 12263 13665 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:45.476 12263 13671 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:47.464 12263 13676 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:49.474 12263 13679 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:51.466 12263 13682 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:53.468 12263 13685 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:55.473 12263 13692 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:57.470 12263 13697 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:46:59.472 12263 13700 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:01.468 12263 13704 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:03.484 12263 13709 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:05.480 12263 13715 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:07.481 12263 13718 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:09.474 12263 13725 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:11.476 12263 13744 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:13.483 12263 13754 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:15.471 12263 13765 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:17.477 12263 13769 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:19.472 12263 13774 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 4records.
12-23 08:47:21.478 12263 13776 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 3records.

after that i made many manipulations (switching modes, wifi, turning on-off airplane mode...) with phone in attempt to see any 3G cells in log and not succeeded at all. but i found this:

12-23 08:53:11.475 12263 16035 D DejaVu Backend: getMobileTowers(): getAllCellInfo() returned 5records.
12-23 08:53:11.476 12263 16035 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=YES mTimeStampType=oem_ril mTimeStamp=30490983214826ns CellIdentityGsm:{#### correct cell id#####} CellSignalStrengthGsm: ss=28 ber=99 mTa=2147483647}
12-23 08:53:11.476 12263 16035 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=30490983214826ns CellIdentityGsm:{#### correct cell id#####} CellSignalStrengthGsm: ss=17 ber=99 mTa=2147483647}
12-23 08:53:11.476 12263 16035 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=30490983214826ns CellIdentityGsm:{#### correct cell id#####} CellSignalStrengthGsm: ss=17 ber=99 mTa=2147483647}
12-23 08:53:11.476 12263 16035 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=30490983214826ns CellIdentityGsm:{#### correct cell id#####} CellSignalStrengthGsm: ss=17 ber=99 mTa=2147483647}
12-23 08:53:11.476 12263 16035 D DejaVu Backend: getMobileTowers(): GSM tower: CellInfoGsm:{mRegistered=NO mTimeStampType=oem_ril mTimeStamp=30490983214826ns CellIdentityGsm:{ mMcc=2147483647 mMnc=2147483647 mLac=2147483647 mCid=2147483647 mArfcn=41 mBsic=0x32} CellSignalStrengthGsm: ss=16 ber=99 mTa=2147483647}
12-23 08:53:11.483 12263 16038 D DejaVu RfEmitter: updateLocation(RF Emitter: Type=MOBILE, ID='GSM/2147483647/2147483647/2147483647/2147483647', ASU=16, Note='') emitter is new.

idk what 2147483647 is, but apparently it is not cell id at all =)

[n76]

I assume the "#### correct cell id#####" string is from your edit to remove sensitive information.

2147483647 is 0x7FFFFFFF in hex, so that looks like Integer.MAX_VALUE and looking at the constructor for CellIdentityGsm that is what is put into all the fields when the record is built. Comments on mMcc and mMnc indicate that the valid range is 0..999, so I'll add a check for that before I trust the values. I wish that my phone supported that API: If things work as I hope your phone should get a pretty good location from mobile towers alone.

[n76]

I've put another test version of DejaVu out where you can test it. Link is https://www.dropbox.com/s/fxpexikeu3pfvqq/DejaVu-1.0.4a-debug.apk?dl=0

If this fixes your issue then I'll release the change.

Thank you for helping finding this bug and helping me fix it.

[sibrat]

If this fixes your issue then I'll release the change.

well it does not create weird record in database anymore, but still can't see any 3G cells. This mean i normally cannot get location from GSM at all. Because i use 3G for everyday connection which coverage is more than 100%. When radiomodule sees 3G cells it does not even try scan 2G band at all. The only way to make phone scan for 2G cells is switch off 3G connectivity. Which is sad.

let clear some moments about log above. First of all at the begining 3G disabled and database is totally clear. At 08:20:13.249 app found 7 2G cells and write them to db. At log brake i enable 3G mode and (as i understand) at 08:46:43.280 your app found some new cells. But they not writed to db. I am pretty shure that founded cells are new ones because 3G is enabled now. Satstat clearly indicates that phone assosiated with 3G network and showing 3g cell id, and while phone is in 3G mode 2G band is ignored.

[n76]

The processing after the point where the log messages were generated is identical, so it seems unlikely to me that there can be a difference between 2G and 3G as far as what gets into the database.

If I can see the unedited messages emitted by DejaVu, preferably with a copy of the database, I might be able to see more. Could you filter your logcat to just show the DejaVu related lines (no other editing or clean up please) and get a copy of the database:

adb root
adb pull /data/data/org.fitchfamily.android.dejavu/databases/rf.db

If you can email them to tod@fitchdesign.com I can take a closer look to see what did not made it into the database.

[sibrat]

Ok. Now i clean app data. disable and reenable app in UnifiedNlp. Phone is normal GSM mode (all "G"s are enabled). now it gathers sattelites and i'll send logcat log and db to email. and screenshot from satstat. just in case :)

[n76]

Private correspondence with @sibrat confirmed above commits fixed issues.