I have an i747 running stock AT&T firmware. Un-rooted.
Over the last few weeks, I've noticed that my battery drain has increased and often my phone will be warm when I'm not near WIFI suggesting that the radio is active. I've also noticed that when I'm not connected to WIFI, the 4G/LTE icon at the top often indicates that there's data activity in progress.
So I set up a sniffer on my firewall to monitor the phone's data traffic when on WIFI. Here's what I found:
Within seconds of enabling WIFI on the phone, it appears that there are a handful of DNS requests. Most are for google apps (mtalk.google.com and a few others). Those aren't surprising. Then there are a number of lookups for svc.spd.samsungdm.com which maps to a pair of servers in the amazon cloud.
Immediately following that is a back-and-forth stream of HTTPS traffic to these samsungdm.com servers. I've been monitoring for the last 30 minutes while my phone has sat idle on the table with the screen turned off and this back-and-forth traffic has not stopped.
Google doesn't turn up much info about this domain. Any ideas what this is and why it's so chatty?