Is the IMEI broadcast on reboot, regardless of Airplane Mode?

I'm using Airplane mode on my device without any physical sim inside the device ever, with WiFi calling and VPN
on the companion router, so that no Carrier (I'm using e-sims) would ever have a possibility to go after me.

Yes, it's an expensive setup, you must get a e-sim and pay it with crypto, but if your threat model is ok with that, mine is, feel free to ask more questions.
I spent less than $50/mo for a global, E-sim with a nice amount of data.

It doesn't resolve the technical bit but a workaround would be to use a faraday cage or a similar signalblocking equipment/bag/phone case and power it up there first time whenever required and then remove it from the bag.
It could be a simple and cheap workaround.

Example below from Amazon. The search terms should be similar. I didn't spend time looking just took first result.

Simket Faraday Bags for Phones and Car Key 2 Pack, Signal Blocking Pouch, Cell Phone Signal Jammer, Car Key/WiFi/RFID/GPS Signal Blocker Black (m) https://www.amazon.com/dp/B0BZCFXN8X

If I recall correctly, the OS needs to enable cellular before it broadcasts anything, and airplane mode works on reboots

23Sha-ger

...after our conversation I took a look at your other posts and I can state that we are on the same page and have similar setup...

I see many words, but no “Yes, it does.” or “No, it does not.” response.

Did I manage to miss the answer? (wouldn’t be the first time)

Kerfluffle Is there anybody here who knows the answer to this? Any developers who would know?

I think there is likely to be only accidental overlap between GrapheneOS developers and people who could truly answer this question.

First I think it's important to point out that the "automatically broadcasts its IMEI as part of its hardwired initialization process" bit from the other thread is pure speculation which does not cite any sort of evidence. It could be happening, but other kinds of leakage could be happening too! In theory the Wi-Fi hardware could sneakily leak a couple bits of the true hardware MAC each time it associates with an access point. I just made that up right now, but it could be happening!

It might be productive for somebody with cellular radio expertise and equipment (e.g., a fake cell site, "Stingray", etc.) to report on what cellular traffic, if any, is observed as a Pixel with GrapheneOS set to "airplane mode" boots. But it is at least fairly plausible that none of the GrapheneOS developers have that kind of equipment lying around.

The question is interesting, but asking a friendly local cell-tower technician to look into it might make more sense than asking the GrapheneOS developers. Please note that I don't speak for the GrapheneOS project.

Very cool that this question is already asked but no answer from GOS dev's. Why they ignore this question? One user explained this problem. Anyway I already removed Emergency Services, it's always work in background and I don't like it.

secure_adict Very cool that this question is already asked but no answer from GOS dev's. Why they ignore this question?

One hypothesis is that maybe none of the GrapheneOS developers have an IMSI catcher. I think many people don't.

Meanwhile, some university labs have radio diagnostic equipment. Alternatively, a GNU Radio enthusiast might have the right equipment. If people who are very intent on an answer to this question asked somebody who has the right equipment, that might produce an answer.

de0u Someone could hit up SRLABS with this topic. They have a lab and their own base station. Cheers.

[deleted] Someone could hit up SRLABS with this topic.

That seems like a good avenue.

Probably at least 20% of university Electrical Engineering departments worldwide have enough equipment to give a good first-cut answer, so likely thousands of labs worldwide. I think it's possible that 90% of this forum's users live within 20 miles of such a lab.