Hisense A9 debloating

Pasted image 20240304160615.png
For past few days I have been trying to debloat my new A9. I have analyzed the traffic going from/to the phone and blocked anything related to China. I thought I would share my process.


If you would like to monitor the traffic on your phone and happen to have Mikrotik router, you can use the Packet sniffer tool to redirect the traffic to your computer. Open the Packet sniffer tool in RouterOS, set streaming enabled, server ip to your computer, streaming port to 37008, filter stream by the phone ip (need to be connected to wifi and LTE disabled of course). Then on the computer, start Wireshark and create a capture filter for the given port 37008. Then you will see all traffic going from/to your phone on your computer.

Tip: to filter out legitimate (?) traffic going to Google, use this display filter:

!(ip.dst >= && ip.dst <= && !(ip.src >= && ip.src <=


Immediately, you will see a LOT of traffic going towards China ip addresses. I have monitored the traffic and pinpointed several domains and ip ranges to block. The main sources of traffic are qq.com and
taobao.com but there is many more, for example hismarttv.com, sogou.com, bizport.cn and others. I decided to block those domains using the hosts file.

There is also one stream of traffic going to "China Mobile communications corporation" ip address that does not use a domain name and connects directly to an ip address ( There are also pings going to Chinese IP addresses (probably only for checking the network status but one never knows). It is not possible to stop this traffic only by blocking DNS requests so all of this needs to be blocked by configuring the firewall using iptables.

Guide - How to block all traffic going to China

You need to have a rooted phone and connect to it using ADB. Prepare a file called "hosts" with the following contents:       localhost
::1             ip6-localhost       api.hismarttv.com       bas.phone.hismarttv.com       cs.map.qq.com       g.cn       get.sogou.com       ime.gtimg.com       mazu.3g.qq.com       sdkapiv2.bizport.cn       tools.3g.qq.com       v2.get.sogou.com       wap.dl.pinyin.sogou.com       world.taobao.com       worldwide.sogou.com       ws-keyboard.shouji.sogou.com       www.qq.com       www.taobao.com       taobao.com       olapi1.bizport.cn       olapi2.bizport.cn       olapi3.bizport.cn       olapi4.bizport.cn       olapi5.bizport.cn       olapi6.bizport.cn       olapi7.bizport.cn       olapi8.bizport.cn       olapi9.bizport.cn       olapi10.bizport.cn       olapi11.bizport.cn       pubserver1.bizport.cn       pubserver2.bizport.cn       pubserver3.bizport.cn       pubserver4.bizport.cn       pubserver5.bizport.cn       pubserver6.bizport.cn       pubserver7.bizport.cn       pubserver8.bizport.cn       pubserver9.bizport.cn       pubserver10.bizport.cn       feed.hismarttv.com       lbs.map.qq.com       api.map.baidu.com       api-hmct-phone.hismarttv.com       gateway.sogou.com       hshh.org       clock.cuhk.edu.hk       resource-cmp.hismarttv.com       api-gps.hismarttv.com       unified-ter.hismarttv.com       analytics.map.qq.com       nlp.map.qq.com       latest.map.qq.com       hisense.api.izd.cn       hisense.bizport.cn 

After that run the following commands (edit the hosts file path):

adb push path/to/your/hosts/file /sdcard
adb shell
mount -o rw,remount /
cp /sdcard/hosts /system/etc/hosts

After that, set up firewall rules that filter the ip block. We need to make the firewall rules persistent across phone reboots so we write the rules into init files. The echo command is multiline, just copy the whole command.

cd /system/etc/init
echo "on boot
    exec u:r:magisk:s0 -- /system/bin/iptables -A INPUT  -s -j DROP
    exec u:r:magisk:s0 -- /system/bin/iptables -A OUTPUT -d -j DROP
    exec u:r:magisk:s0 -- /system/bin/iptables -A INPUT  -s -j DROP
    exec u:r:magisk:s0 -- /system/bin/iptables -A OUTPUT -d -j DROP
    exec u:r:magisk:s0 -- /system/bin/iptables -A OUTPUT -d -j DROP
    exec u:r:magisk:s0 -- /system/bin/iptables -A OUTPUT -d -j DROP
    exec u:r:magisk:s0 -- /system/bin/iptables -A OUTPUT -d -j DROP
" > myboot.rc

And you are done! After these adjustments, I have observed the traffic and the phone is dead silent, if you ignore the traffic to the Google servers. A caveat is that if an application phones home once a day or once a week, I have probably missed the traffic and so there might still be some things left to block. Please share if you find more domans/ips to block!