Structure of a Smartphone
You may have the illusion of control.
A typical smartphone has at least three independent computer systems inside it, each
running its own operating system and each one of them programmed by a different
community of developers working in a different segment of the industry.
1. The “application processor”. This is the computer that runs Android or iOS. It is
the part you interact with. It is where your apps run. When you think of your
smartphone, you are probably thinking of the application processor.
2. The “baseband processor”. This is the computer that manages the cellular radio
part of the phone. And by cellular, we mean actual cellular technologies like LTE,
5G, etc., not WiFi. This computer connects and releases phone calls, connects and
releases cellular data sessions, handles SMS, and performs other functions in the
cellular network, including functions like “mobility management” that are normally
invisible to you.
3. The SIM. The SIM contains a full computer system (processor, memory, and
filesystem) running its own OS and its own set of applications. When you install a
SIM, it becomes an integral and active part of your phone.
As a smartphone user, you may have the illusion that you control your phone. In reality,
the functions of your phone are controlled by the software in these three computer
systems, only one of which is directly accessible to you.
How did it get like this? Historically, we started with “feature phones”, which had a
baseband processor and a SIM and a very simple microcontroller running a keypad and
screen. Then, in a separate line of evolution, we had PDAs. Remember PDAs? The
smartphone is a fusion of these two products, and there is still a very clear line between
the “phone” part (baseband + SIM) and the “PDA” part (application processor).
Between the application processor and the baseband processor, we have the “AT”
command set, which is called “AT” because nearly every command starts with the letters
“AT”. The AT command set is inherited from old dial-up modems and formally defined
for cellular use in the GSM 07.07 specification. In the AT protocol, the application
processor is the master, and sends commands and queries to the baseband processor.
Typical commands are things like “scan for available networks”, “select this particular
network”, “send this SMS”, “start a telephone call”, or “start a data session”. The actual
content of the data session is of no interest to the baseband processor. It does not care
what your apps are chatting about or what you are browsing.
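As an added illustration of the master/slave arrangement just described (this is example code, not part of the original article), the exchange below has a toy application-processor side scan for networks and select one, with a stand-in baseband that only ever answers. The +COPS=? list format (status, long name, short name, numeric PLMN code, access technology) is the one in 3GPP TS 27.007, the successor of GSM 07.07; the operator names are made up, the PLMN codes 00101 to 00103 are test-network codes, and the canned replies are constructed for the example.

```python
import re

# Constructed replies for a toy baseband. The +COPS=? list format follows
# 3GPP TS 27.007 (successor of GSM 07.07); operator names are made up and
# the PLMN codes 00101/00102/00103 are test-network codes, not real operators.
TOY_RESPONSES = {
    "AT": "OK",
    "AT+CGMI": "ToyBaseband\r\n\r\nOK",
    "AT+COPS=?": '+COPS: (2,"Example Mobile","ExMob","00101",7),'
                 '(1,"Test Telecom","TestTel","00102",2),'
                 '(3,"Forbidden Net","Forbid","00103",0)\r\n\r\nOK',
    'AT+COPS=1,2,"00102"': "OK",
}

# <stat> and <AcT> codes as defined for +COPS in TS 27.007.
STATUS = {0: "unknown", 1: "available", 2: "current", 3: "forbidden"}
ACT = {0: "GSM", 2: "UTRAN", 7: "E-UTRAN"}


class ToyBaseband:
    """Stand-in for the baseband side: it only ever answers, never initiates."""

    def __init__(self, responses=TOY_RESPONSES):
        self.responses = responses
        self.log = []  # every command line received, for the reader to inspect

    def handle(self, command):
        self.log.append(command)
        return self.responses.get(command.strip(), "ERROR")


def split_response(raw):
    """Split a raw reply into (information lines, final result code)."""
    lines = [ln for ln in raw.replace("\r", "").split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    final = lines[-1]
    if final != "OK" and not final.startswith(("ERROR", "+CME ERROR", "+CMS ERROR")):
        raise ValueError("reply has no final result code: %r" % raw)
    return lines[:-1], final


_COPS_ENTRY = re.compile(r'\((\d),"([^"]*)","([^"]*)","(\d+)",(\d+)\)')


def parse_cops_scan(info_lines):
    """Turn a '+COPS: (...),(...)' information line into a list of dicts."""
    nets = []
    for line in info_lines:
        if not line.startswith("+COPS:"):
            continue
        for stat, long_name, short_name, plmn, act in _COPS_ENTRY.findall(line):
            nets.append({
                "status": STATUS.get(int(stat), "reserved"),
                "name": long_name,
                "short": short_name,
                "plmn": plmn,
                "act": ACT.get(int(act), "other(%s)" % act),
            })
    return nets


def scan_and_select(baseband, wanted_plmn):
    """Application-processor side of the exchange: scan, then select one
    network by numeric PLMN code. Returns (scan list, outcome string)."""
    info, final = split_response(baseband.handle("AT+COPS=?"))
    if final != "OK":
        raise RuntimeError("scan failed: " + final)
    nets = parse_cops_scan(info)
    usable = {n["plmn"] for n in nets if n["status"] != "forbidden"}
    if wanted_plmn not in usable:
        return nets, "not in scan list"
    # Manual selection: mode 1, format 2 (numeric), then the PLMN code.
    _, final = split_response(baseband.handle('AT+COPS=1,2,"%s"' % wanted_plmn))
    return nets, final


if __name__ == "__main__":
    bb = ToyBaseband()
    nets, outcome = scan_and_select(bb, "00102")
    for n in nets:
        print(n)
    print("selection:", outcome)
    print("commands the baseband saw:", bb.log)
```

Note that the baseband's log only ever contains what the application processor asked for; nothing in this exchange carries the content of a data session, which is the point made above about the baseband not caring what your apps are doing.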
The industry has some justification to keep the baseband processor closed and locked
down. The design of the cellular network places the basestation firmly in control of the
radio environment, and for this design to work, every baseband processor in every
handset must follow the rules strictly. A “rogue” handset that does not do as it is told can
disrupt service for an entire cell.
I used terms like “closed” and “locked down” several times, but this does not mean that
the cellular operator and baseband vendor cannot update the software of the baseband
processor remotely. So-called OTA (over-the-air) updates are usually delivered by SMS,
using cryptographic techniques to (supposedly) ensure that they come from a trusted
source.
Note that WiFi connections are usually not handled by the baseband processor, but by a
much simpler radio connected directly to the application processor. WiFi and cellular data
are different technologies, even though they may appear the same at the application layer
and sometimes get lumped together under the catch-all term “wireless”.
The SIM
The SIM is a standard ISO/IEC smart card, with some software extensions. Most SIMs
are made by Gemalto, a Dutch company that holds about 50% of the market, or
Oberthur, a French company that holds about 25% of the market. Like many modern
smart cards, the typical SIM can be programmed with “applets” written in Java. These
applets can usually be installed and updated over-the-air with SMS.
The baseband processor and the SIM communicate over a serial line using two layers of
protocol:
2. SIM-specific functions, originally defined in GSM 11.11, but extended many times in
3GPP 51.011 and 3GPP 31.102. This interface is also called the “SIM Toolkit
Application Programmer’s Interface”, or “STK API”.
Here, the baseband processor is the master, and initiates all communication. However, a
feature of the STK called “proactive SIM” also allows the SIM to send commands to the
baseband processor using a “polling” arrangement. In this arrangement, the baseband
processor polls the SIM every 30 seconds or so, asking it, “Do you need me to do
anything?” At that point, the SIM can answer with a command, and the power that the
proactive SIM can have over the baseband processor is impressive, actually beyond that
of the application processor. In particular, the SIM can send SMS, start USSD sessions,
and control supplementary services, like call forwarding. And nearly all of the SIMs in
the market today are proactive.
There is no direct communication between the application processor and the SIM. Some
baseband processors can relay information between the application processor and the
SIM, but this is not common. The SIM acts directly through the baseband processor
without any involvement of the application processor, meaning that, without special test
equipment, the user may have no way to know what the SIM is doing.
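As an added example (not code from the original article) of the polling arrangement and of why the SIM's activity is invisible without a trace of the baseband/SIM line: a small decoder for proactive SIM commands of the kind an analyst would capture with test equipment, together with a toy SIM that simulates the poll cycle. The command and tag numbers, the STATUS and FETCH exchange and the 0x91 status word are from ETSI TS 102 223 / GSM 11.14 as I recall them and should be checked against the specification; the three sample commands are constructed for the example and the SMS payload in the first one is a placeholder, not a real message.

```python
# Type-of-command values from ETSI TS 102 223 ("Type of Command" coding),
# reproduced from memory: verify against the specification before relying on them.
COMMAND_TYPES = {
    0x01: "REFRESH", 0x03: "POLL INTERVAL", 0x04: "POLLING OFF",
    0x05: "SET UP EVENT LIST", 0x10: "SET UP CALL", 0x11: "SEND SS",
    0x12: "SEND USSD", 0x13: "SEND SHORT MESSAGE", 0x14: "SEND DTMF",
    0x15: "LAUNCH BROWSER", 0x21: "DISPLAY TEXT", 0x23: "GET INPUT",
    0x25: "SET UP MENU", 0x26: "PROVIDE LOCAL INFORMATION",
    0x34: "RUN AT COMMAND", 0x40: "OPEN CHANNEL", 0x43: "SEND DATA",
}
# Commands that act on the network or the baseband without necessarily
# showing the user anything; a trace decoder should flag these.
SILENT_COMMANDS = {0x03, 0x04, 0x05, 0x11, 0x12, 0x13, 0x14, 0x26, 0x34, 0x40, 0x43}
# Simple-TLV tags (bit 0x80 is the "comprehension required" flag) and device codes.
TLV_TAGS = {0x01: "command details", 0x02: "device identities", 0x04: "duration",
            0x05: "alpha identifier", 0x06: "address", 0x0A: "USSD string",
            0x0B: "SMS TPDU", 0x0D: "text string"}
DEVICES = {0x01: "keypad", 0x02: "display", 0x03: "earpiece",
           0x81: "UICC", 0x82: "terminal", 0x83: "network"}


def parse_tlvs(data):
    """Split a BER-TLV byte string into (tag, value) pairs: one-byte tags,
    lengths up to 255 (short form or the '81 xx' long form)."""
    out, i = [], 0
    while i < len(data):
        if i + 1 >= len(data):
            raise ValueError("truncated TLV header")
        tag, length, i = data[i], data[i + 1], i + 2
        if length == 0x81:
            length, i = data[i], i + 1
        elif length > 0x7F:
            raise ValueError("unsupported length encoding")
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("truncated TLV (tag 0x%02X)" % tag)
        out.append((tag, value))
        i += length
    return out


def decode_proactive(cmd):
    """Decode one proactive command (outer tag D0) into a summary dict."""
    outer = parse_tlvs(cmd)
    if len(outer) != 1 or outer[0][0] != 0xD0:
        raise ValueError("not a single proactive command (expected tag D0)")
    info = {"name": "unknown", "silent": False, "source": None,
            "destination": None, "elements": []}
    for tag, value in parse_tlvs(outer[0][1]):
        base = tag & 0x7F
        if base == 0x01 and len(value) == 3:
            ctype = value[1]  # command number, type of command, qualifier
            info.update(command_type=ctype, qualifier=value[2],
                        name=COMMAND_TYPES.get(ctype, "unknown(0x%02X)" % ctype),
                        silent=ctype in SILENT_COMMANDS)
        elif base == 0x02 and len(value) == 2:
            info["source"] = DEVICES.get(value[0], "0x%02X" % value[0])
            info["destination"] = DEVICES.get(value[1], "0x%02X" % value[1])
        else:
            info["elements"].append(TLV_TAGS.get(base, "tag 0x%02X" % base))
    return info


# Constructed sample commands; the SMS TPDU bytes are a placeholder, not a real message.
SAMPLE_SEND_SMS = bytes.fromhex("D012 810301 1300 8202 8183 8B07 01020304050607")
SAMPLE_DISPLAY_TEXT = bytes.fromhex("D011 810301 2180 8202 8102 8D06 04 48656C6C6F")
SAMPLE_POLL_INTERVAL = bytes.fromhex("D00D 810301 0300 8202 8182 8402 011E")


class ToySim:
    """Stand-in for a proactive SIM holding a queue of commands to hand over."""

    def __init__(self, pending):
        self.pending = list(pending)

    def status(self):
        # Reply to a STATUS poll: SW1 0x91 = "proactive command pending, SW2 is
        # its length"; 0x90 0x00 = nothing to do.
        return (0x91, len(self.pending[0])) if self.pending else (0x90, 0x00)

    def fetch(self):
        # Reply to FETCH: hand over the oldest pending command.
        return self.pending.pop(0)


def poll_once(sim, audit):
    """One baseband poll cycle: STATUS, then FETCH for as long as the SIM says
    something is pending. Decoded commands go to audit; returns the count."""
    fetched = 0
    sw1, sw2 = sim.status()
    while sw1 == 0x91:
        cmd = sim.fetch()
        if len(cmd) != sw2:
            raise ValueError("SIM announced %d bytes but delivered %d" % (sw2, len(cmd)))
        audit.append(decode_proactive(cmd))
        fetched += 1
        # A real baseband sends TERMINAL RESPONSE here and reads the next
        # status word from that reply; the toy simply polls again.
        sw1, sw2 = sim.status()
    return fetched


if __name__ == "__main__":
    trail = []
    poll_once(ToySim([SAMPLE_SEND_SMS, SAMPLE_DISPLAY_TEXT, SAMPLE_POLL_INTERVAL]), trail)
    for entry in trail:
        flag = "SILENT" if entry["silent"] else "visible"
        print("%-8s %-22s %s -> %s %s" % (flag, entry["name"], entry["source"],
                                          entry["destination"], entry["elements"]))
```

Run stand-alone, the decoder lists one SEND SHORT MESSAGE addressed to the network and one POLL INTERVAL addressed to the terminal, neither of which ever reaches the display, beside one DISPLAY TEXT that does. That split between commands with a user-visible destination and commands that go straight to the baseband or the network is exactly what an examiner with a line tap is looking for.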
Conclusion
The smartphone is a complex system, and may not be what you expect. What you see on
the screen is like the surface of a deep, murky pool. If smartphone behavior is an issue in
your work, it is best to find an expert with the experience and tools to examine and
analyze the evidence and help you correctly interpret the situation.