Samsung Galaxy S III
Bloat in Stock Image

The stock Verizon system image occupies 820Mbytes, compared on the Droid-3 to the stock Gingerbread image at 213Mb, and the CM-10 Jelly Bean image at 158Mb (add 87Mb for Google apps). These are all zipped files. What bloatware are they putting into this image? Here's a list of all the apps in the stock image that have icons. Sizes are shown; items without sizes are well under 1Mb each.

• AllShare Play -- Not sure what this is (1.0Mb)
• Amazon Kindle -- E-book reader (2.7Mb)
• Apps (from Verizon) -- An app finder program. (1.8Mb)
• Calculator -- not scientific, just plus minus times divide
• Calendar -- Standard Android calendar app
• Camera
• Clock -- Alarm clock, timezone clock, stopwatch, timer (down-counter) (4.5Mb)
• Color -- Some kind of overlay for Facebook (4.5Mb + 1.1Mb for Facebook API)
• Contacts -- Standard Android contact app
• Downloads -- Direct jump to download manager
• Email -- Standard Android Mail reader for generic accounts
• Gallery -- Standard Android photo viewer (1.3Mb)
• Gmail -- Standard Android Mail reader for Gmail (1.89Mb)
• Google+ -- Google's social network app (7.2Mb)
• Guided Tours -- Tutorials how to use the OS (media likely is on web)
• Internet -- Web browser (misnamed) (2.3Mb)
• Kies Air -- Manager for over-the-air updates (0.9Mb)
• Latitude -- Google service so others can keep track of your location (not sure of size)
• Local -- Google Maps extension to find advertisers in your area (not sure of size)
• Maps -- Standard Google map navigation app (24.6Mb)
• Media Hub -- Samsung app for (I think) DRM protected media (video?) (1.2Mb)
• Messaging -- To send and view SMS
• Messenger -- Probably XMPP client for Google+ instant messages
• Mobile Hotspot -- Turn your phone into a 802.11 access point
• Music Hub -- Upload your music, stream theirs (not free), get playlist recommendations
• Music Player -- Organizes and performs music files and playlists on the device
• My Files -- A simple file manager
• My Verizon Mobile -- Dedicated app to pay your bill, etc. (0.5Mb)
• Navigation -- Turn by turn navigation from Google, I think (not sure of size)
• Phone -- For originating voice chat (phone calls)
• Play Books, Magazines, Movies, Music -- Interface to Google's store, and player/viewer in these 4 categories (3.9, 5.4, 2.4, 3.2Mb resp.)
• Play Store -- Interface for purchasing apps from Google's market, plus app management and updates (9.2Mb plus 30.Mb common code)
• S Memo -- Sticky note app with finger art to text translation (1.5Mb)
• S Suggest -- Makes suggestions of things you can buy; they mention apps. (0.6Mb)
• S Voice -- Voice commands and queries, like Apple's Siri. Not tried. (4.3Mb)
• Google Search -- Direct jump to Google's search engine
• Settings -- Main configuration menu for the OS (standard Android app) (4.0Mb including storage)
• Setup Wizard -- If you need to run setup again
• Talk -- Client for Google's XMPP instant message server (not Google+) (0.95Mb)
• VCAST Tones -- Rent ringtones from Verizon (0.6Mb)
• Video Player
• Voice Recorder -- Not in CyanogenMod-10 but apps are available
• Voicemail -- Direct jump to play your voicemail
• VPN Client -- Connect to a VPN. IPSec supported, not sure about OpenVPN.
• VZ Navigator -- Turn by turn navigation provided by Verizon's contractor. I think this is a free trial. (3.4Mb)
• Youtube -- Dedicated app to play Youtube videos (2.9Mb)

The sum of the known app sizes is 100.8Mb, and it's unlikely that either the tiny apps or the ones I'm not sure of would inflate this significantly.

Digging into the image file: 820Mb compressed, 1.24Gb uncompressed (tar file). The contained objects break down as:

• 7.8Mb Bootloader and friends
• 6.4Mb Recovery
• 82.7Mb Miscellaneous including 35Mb going into cache (?)
• 1.14Gb System image

The system image is an ext4 filesystem. Unfortunately I was unable to mount it -- perhaps an endian issue? ARM is big endian while Intel is little endian. Neither could I do anything useful on the phone using ADB because I lack root access. Strings shows the names of all the APK files, presumably in /system/app. Let's try this command line: dd if=system.img.ext4 of=system.gmi conv=swab -- Didn't help. Later when I do have root I'll try copying the image onto the phone's /sdcard (plenty of room) and mounting it there.

Dealing with the stock image:

• Starting with COMBINATION_I535VRALG1_I535VZWALG1_743127_REV09_user_low_ship.tar.zip , see the installation page under InvisibleK's procedure for a link to a link to get this file or a similar Verizon stock image. Size 0.82Gb.

• Suggested to make a separate directory to put it in. Unzip it; the resulting file size is 1.24Gb:
  unzip COMBINATION_I535VRALG1_I535VZWALG1_743127_REV09_user_low_ship.tar.zip

• You now have COMBINATION_I535VRALG1_I535VZWALG1_743127_REV09_user_low_ship.tar.md5 which despite the extension is just a tar file. Un-tar it:
  tar xf COMBINATION_I535VRALG1_I535VZWALG1_743127_REV09_user_low_ship.tar.md5

• This gives you several filesystem images in EXT4 format, plus a bunch of files with .mbn extension. For example, strings in tz.mbn suggest that it is not compressed, it is involved with crypto and can use hardware encryption, and it contains several objects (X.509 certificates?) that contain pairs of Samsung Distinguished Names. The non-string content, I would not be surprised if it were compiled code for ARM (not Java bytecode).

• The interesting one is system.img.ext4 which is identified as data on an Intel system. Now transfer it to the pocket computer, if you're doing this on an Intel host. (Using scp to dropbear: 15oKb/sec, ETA 108 mins, forget this.) (Using adb push: 4.86Mb/sec, ETA 235 secs = 4 mins.)
  mkdir /sdcard/bloatware # On phone
  adb push system.img.ext4 /sdcard/bloatware/system.img.ext4 # On laptop

• Try to mount the system image:
  mkdir /data/local/tmp/mnt
  mount -o loop system.img.ext4 /data/local/tmp/mnt
  --or--
  losetup -f # Prints first available loop device e.g. /dev/block/loop1
  losetup -r /dev/block/loop1 system.img.ext4
  mount -o loop /dev/block/loop1 /data/local/tmp/mnt
  However, it doesn't mount. If you specify -t ext4, it exudes invalid argument, suggesting that there is some kind of leading garbage.

• Try dumping the system image (on the laptop) (just the first megabyte):
  od -N 0x1M -t x1z system.img.ext4 > system.od

  It begins with a unit of non-obvious structure running from 0 to 0002620. Then there are 0 up to 0010040.

  That begins a table of entries 0100 bytes long. (Or maybe half that, but things repeat every 0100 bytes.)

  The first dirent in one of the directories appears to start at 1435120. This dir is probably /system/bin, having a lot of symlinks to toolbox.

  Another important directory (root?) may start at 0010100.

  Dumping the laptop's /dev/sda5 (/home, ext4) gives these insights:

  • The MBR, which is all 0 on this filesystem, runs up to 0002000.
  • The superblock starts there; it has the volume label 0170 bytes in, and the current (or most recent) mount point at 0210. The initial 020 bytes are: 00 40 c0 00 e8 cb 00 03 98 70 26 00 e7 15 86 01.
  • After the superblock there is a big gap of 0 ending at 0010000 where a repetitive table begins with entries 040 bytes in size, all integers except for 2 hash-like items of 4 bytes.

  File on system.img.ext4 at various offsets into the file up to 16384. bytes (040000) does not reveal any filesystem structure.

• Clean up resources.
  umount /dev/block/loop1
  losetup -d /dev/block/loop1
  rm system.img.ext4 # If you're done with it on the phone