46% of the battery charge is spent on transferring 0.2% of bytes
When a Pandora user plays a song, the entire file is transferred in one piece, and rightly so - transfer as much data at once as you can, and then keep the radio off for as long as possible.
However, after this transfer, the application sends pings every minute for periodic analysis of the audience. And what is the bottom line? These pings take up 0.2% of the total transferred data, while consuming 46% of all the energy used by the application!
Ilya Grigorik, High Performance Browser Networking
Each time in the book, Ilya discloses his point of view quite widely, backing it up with voluminous examples. To tell the readers about the battery life of the phone, he devotes an entire chapter to the details of the operation of the GSM, UMTS and LTE modem. It is interesting to realize how a problem arising at one of the levels has its roots several levels below.
Examining the entire stack of technologies, the book not only gives us a set of facts, but promotes an entire philosophy.
Good developers know how things work.
Great developers know why this works.
Steve Souders, introduction to High Performance Browser Networking
Old idea in a new way
In 2013, when I was reading the book, I thought it would be cool to do my own investigation on this topic and visualize how the radio modem jumps from tower to tower when the phone moves.
It was impossible to do this with a 2013 phone running iOS, it did not give access to the necessary data. But today I have a Pixel, and it doesn't have that problem. LocationManager gives GPS location (latitude and longitude) every second. TelephonyManager gives cellID = (mmc, mcc, lac, cid) for cell tower.
The cellID database will help you find out the latitude and longitude of each tower. All that remains is to draw every second the route (in red) and the connection with the towers, for each of which a different color has been selected. Drive from Sunnyvale to Mountain View (clickable)
The diagram shows a 7-minute drive of 3.7 km with an LTE-enabled phone (UE, from User Equipment). On the way, we met five towers and nine communication cells (eNB, from Evolved NodeB).
Analysis
By combining Google StreetView and Wikipedia, you can figure out a lot. (clickable) Several cellIDs can be located at the same eNB coordinates. It's just that the antenna on the eNB doesn't cover 360 °. The angle of direction and range of operation of each antenna cut the space into sectors. The location and direction of the antennas is strategically selected. On the map above, the towers are set up along Highway 85, and the antennas point parallel to it. Some antennas have a narrow and long range of operation - perhaps this allows you to increase the density of phones during traffic jams.
The density of the eNB is much higher than I thought. On the Internet, they write that the range of the cell tower is 45 miles. It may be in the wilderness, but in the city, population density and eNB density are related. In Sunnyvale, there are towers every 1.5 kilometers.
Towers do not always share several operators. The CellID database is so accurate that I was able to find these towers on Google StreetView. I thought I would find there large monoliths dotted with antennas, several for each operator, but in most cases one antenna hangs on the tower.
ENB antennas are not only mounted on towers . Sometimes they are located in churches, on high-voltage power lines.and even on commercial buildings.
As soon as you start looking for these towers, they turn from invisible to objects that cannot be ignored.
LTE radio can jump between different cells. Apparently, this happens quite often several times a minute in order to cope with the fact that the buildings are obstructing the towers.
The choice of tower seems to be deterministic. On the two maps above, the map connections on the same section of the path look similar. The choice is made by a state machine, the configuration of which is set by each cell via SIB messages. The state transition depends on many factors, incl. from the previous cell's signal strength threshold or the next cell's signal strength threshold.
Having traveled a fairly long distance, 16 km, I noticed that the LAC (Location Area Code) code of the CellID did not change. According to the LTE specification, cell towers are not required to perform UE transmission if the LAC does not change. The phone switches to the next tower, remaining in RCC_IDLE mode and not transmitting data. This not only saves battery, but also means that the cellular operator does not know the exact location of the phone if the LAC has not changed (although there has been a debate about the accuracy of determining the location by cells since the advent of GSM).
Apparently, on each tower there are three antennas with a sector of coverage of 120 °. This is obvious if you circle around one of them.
We climb deeper into the rabbit hole
It was interesting to draw maps. I wanted to know more about this area. I found that it was not only deep but also wide. Even in order to draw a minimal table based on the results of the survey, I had to spend a lot of time on sorting out acronyms.
| Generation | Technology | Marketing | Notes (edit) |
|---|---|---|---|
| 0G | Phones in cars | Like Philip Drummond [character of the sitcom Diff'rent Strokes / approx. per.] | |
| 1G | DynaTAC | Like Gordon Gekko [Wall Street movie character / approx. per.] | |
| 2G | GSM | GSM | Nokia 3310 (aka "brick"). SMS support |
| GPRS | Voice or data | ||
| EDGE | iPhone 1 | ||
| cdmaOne | CDMA | ||
| 3G | UMTS | HSPA | iPhone 3GS. Both voice and data at the same time |
| HSPA + | |||
| CDMA2000 | C2K | ||
| 4G | LTE | LTE | iPhone 5 / Pixel 1 |
| LTE Advanced | LTE + | ||
| LTE Advanced Pro | LTE Pro | ||
| 5G | 5G | 5G | iPhone 12 / Pixel 4a 5g |
| 5G mmWave | 5G mmWave | iPhone 12 Pro Max / Pixel 5G | |
Esoteric world
Since 2G (GSM) in 1998, 3GPP has made standards and documentation for all technical stacks. All of these specifications stretch into hundreds of documents, and it seems to take a lifetime to understand them.
I haven't found an open source LTE stack to learn from. And even if it were, then the radio transmission in the cellular range is carefully regulated so that these frequencies do not litter faulty modems.
Few books have been published on this subject, and they are all extremely expensive. I was personally inspired to explore the following three:
- An introduction to LTE by Christopher Cox.
- LTE Advanced by Sassan Ahmadi.
- Long Term Evolution In Bullets, 2nd Edition by Chris Johnnson.
Finally, there are applications that allow you to look under the hood of the modem, read its status and message. But I decided not to use them - they are expensive and also require root.