VoIP/chat apps that demand the "phone" permission

newuserx

Kind greetings community,

My question pertains to protecting the device phone number (the SIM/eSIM phone number(s)) from VoIP/chat apps such as WhatsApp which demand that the "Phone" permission is granted to the app in order to make or receive calls. Denying access results in the app not letting you receive/place calls via the app.

This seems invasive and unnecessary since VoIP/chat apps such as WhatsApp do not place calls over the carrier network directly. It also defeats the efforts of users who might use a separate phone number for this type of app in order to protect their privacy and their true SIM/eSIM phone number. Signal and Telegram for example do not force you to grant this permission to make/receive calls and they seem to work just fine with this permission denied.

Does GrapheneOS implement any features to protect/withhold the SIM/eSIM phone number(s) of the device from these types of apps, even if the user reluctantly grants the "phone" permission?

Would it be feasible to implement such a feature in GrapheneOS at some point to guard against this invasive practice?

If not, would it be effective or advisable to use a workaround such as that mentioned in this post on a related context, using appops from the adb shell and setting the READ_PHONE_NUMBERS, ANSWER_PHONE_CALLS, CALL_PHONE, READ_PHONE_STATE ops to ignore. Or would this cause problems/unintended risks to the OS security model?

Any insight is much appreciated. Thanks to all in advance!

yellow-leaves

As far i know there are no features available in Graphene that allow you to spoof the phone permission

I might be talking out of my arse here but as granting a profile the phone permission is optional you may be able to grant apps inside such a profile the phone permission thus making the app happy while ultimately denying the app the ability to access your phone number and other cellular services.

newuserx

Thanks for getting back to me @yellow-leaves

This is true, its possible to deny phone calls & SMS to the other profiles but my understanding of this feature was that apps can still read the "phone state" and "phone numbers" of the device, but that phone calls and sms can not be made/sent out from that profile.

I seem to recall reading somewhere in the documentation or in another post, a little over a year ago, that it was not possible to fully separate the "phone features" of the device per profile because of the way Android interfaces with this part of device hardware. So the OS can block phone calls from being made but it could not deny reading the state/numbers if the phone permission was granted.

But perhaps I misunderstood or something has changed in the OS since then?

yellow-leaves

You definitely appear to be right about this.
Today I was setting up a secondary user that wasn't granted the phone permission, yet my phone number appeared at Settings/About phone.
So yeah, definitely assume that any app granted the phone permission (Settings/Multiple users/USERNAME/ "Turn on phone calls & SMS") will have access to the phone state and number no matter whether the profile as a hole has been granted such a permission.

newuserx
I suggest you make a feature request on grapheneOS GitHub page if you desire the ability to somehow spoof the granting of the Phone permission