The purpose of Android's Phone permission is to give apps the ability to make and manage carrier-based calls. It also provides access to related information on the phone number and carrier. This information can also be obtained through the ability to place a call providing by the permission. This permission also isn't required by apps implementing their own calling system. Signal/Molly is a very widely used example of an app implementing non-carrier-based calls and doesn't require this. It's not required to properly avoid conflicts between calls and other apps playing audio. Android has a solid audio focus system and nearly every app integrates well into it. No permissions are required to properly implement this kind of user experience. Phone permission is for apps making/managing carrier-based calls, not VoIP calls. Some apps request it simply to autofill the user's phone number if they use it as their account identifier such as Signal and WhatsApp, but those apps almost always work without it particularly since they want to support using a different phone number than one assigned by a carrier to the device.

GrapheneOS provides Contact Scopes and Storage Scopes for working around privacy invasive apps unnecessarily insisting on access to the contacts and storage/media permissions. It would still be better if these apps simply used the standard Android contact picker, file picker and photo picker on their own, and that's something users already should have been expecting from apps. These scope features are a way of working around many apps insisting on having access they don't require. This is far less common with other permissions, so it hasn't been prioritized to the same extent. However, we plan to provide similar features for other permissions including the Phone and SMS permissions along with Camera, Microphone and others.

We have limited development resources and a lot of them need to be spent on maintaining what we already provide and porting to new Android releases. Since we continue to add more features and raise the bar for quality, we have increasingly reduced time for adding new features. We have to carefully choose what to prioritize and can only gradually implement a small fraction of the features we want to add. Adding alternatives to granting the Phone and SMS permissions for apps insisting on having them is not at the top of our priorities. One of our top priorities for privacy is providing control over which apps can read clipboard contents set by other apps when they focused, etc. Providing a per-app replacement for the standard mock location feature is also likely a higher priority than the Phone and SMS permissions.

If you don't want apps having access to this, then simply reject their request for it. If an app insists on having it and won't work without it, use a different app. There are lots of VoIP options without the unreasonable expectation that you share your carrier-based numbers with them. Apps insisting on having access to this permission are doing it for data mining and you don't have to tolerate it. You do not have to use those apps. Permission requests do not have to be granted. The whole point of having a permission system is the option to reject it. You do not need features like Storage Scopes and Contact Scopes to benefit from the permission model. Those features are nice to have to work around invasive apps and use them despite their intention to coerce you into giving access to your data. However, you already had the option to say no and avoid using apps insisting on saying yes before we provided these features. You currently have that option for permissions like Microphone and Phone prior to us adding similar features offering an alternative to granting them. It's up to you if you want to use a privacy invasive app demanding access it shouldn't need.

MySudo unnecessarily demands access to this permission, has an unnecessary hard dependency on Google Play and bans using an alternate OS for registering an account. Leave a 1 star review for their app on the Play Store explaining this is why and use a better option like jmp.chat. Send app developers a link to https://grapheneos.org/articles/attestation-compatibility-guide if they're banning using alternate operating systems to show them how they can permit GrapheneOS without losing any of what they're trying to do.

Storage Scopes and Contact Scopes didn't exist for most of the lifetime of GrapheneOS. No one should feel entitled to having more features like this from us covering more permissions. We implement what we can based on our available resources and our priorities. No one should be attacking the project and our team based on this. We're aware everyone has their own ideas on what should be prioritized, but most of the community seems quite happy with how we choose our priorities. We're currently working on 2-factor fingerprint unlock, per-app clipboard control, preventing other kinds of leaks with third party VPN apps, control over communication between apps and other features. Some people would prefer if we'd prioritize other things, but it's up to us and it's not open to negotiation. Contacting developers trying to influence our prioritization or publicly attacking our project members based on it is highly inappropriate and isn't going to be tolerated. We aren't going to provide a platform for it and it's not going to influence our priorities. It's taking resources away from development and is in fact delaying the implementation of features.

    Thanks for the details about this.
    P.S. +1 for jmp.chat, reliable and doesn't force you to use a specific app.

    Thanks for the post, I didn't know that apps like Signal or Whatsapp didn't need access to phone permissions and logs to work, so I've done a little clean-up.
    I'm really looking forward to seeing the rest of the new features, well done to the GOS team!
    I'm also very pleased to see that you're managing your project as you see fit, without any outside influence. Too many projects have lost interest by trying so hard to please everyone.

    thank you for the detailed explanation :-)

    I am very happy with my GrapheneOS experience. The whole OS works stable and just gets out of my way. Best Phone Experience I ever had.

    Perfect, I did it now on viber.

    "If you don't want apps having access to this, then simply reject their request for it. If an app insists on having it and won't work without it, use a different app."

    A reminder for everyone, this not only applies to your smartphone apps, this concept can be applied to everything you do, pick providers/sellers/businesses that don't try to violate your data and privacy. Example: Applying for sim card? Pick one that don't ask too many details or is doing credit checks

    GrapheneOS We have limited development resources and a lot of them need to be spent on maintaining what we already provide and porting to new Android releases. Since we continue to add more features and raise the bar for quality, we have increasingly reduced time for adding new features.

    The more features you add, the more time you need to maintain and you need to port to newer android versions...a never-ending vicious circle that is becoming increasingly difficult.

    That's why I agree, the features that are implemented should be well thought out and serve the majority rather than a minority

    GrapheneOS

    Thank you for this detailed post with helpful information and the insight into which features are currently being worked on.

    Thankyou for the detailed post and helpful information, this is informative and well communicated

    Thank you for the clear and honest communication. I am very grateful for your time put into this and I totally appreciate your efforts in developing the features you see fit for future releases. Using this amazing software is a privilege, not a right.

    Sadly WhatsApp doesn't allow a user to make or even receive voice calls without granting the Phone permission.

    I would love to use a different app but too many of my friends are using WhatsApp only.

    Is there a known workaround to avoid granting WhatsApp the Phone permission while still being able to make or receive voice calls?

      evalda
      maybe not the ideal solution, but have you tried to communicate via WA voice messages instead? initially i was skeptical, but offline communication made my responses much more measured and articulated. my travel phone sim is currently disconnected and is connected to GOS WA via add account feature and chat/voice messages work.

      GrapheneOS

      Thanks. Its sad to have clarified but i glad you did it. I always shocked to hear developers getting attacked or harassment.

      P.S. Its nice to get a bit of information on what is worked on. I am existed at leased and glad of the work of the team.

      GrapheneOS You guys have completely changed my life. As well as many members of my family and friend's lives, in a seriously massive way, by leading the charge and changing the game in the privacy and security world. All of this is given to us for free, which a surprising lot of people seem to forget and act as if they're entitled to something specific that they want without having even donated or contributed in any way.

      I used to get annoyed about how WhatsApp won't let you even make/answer calls without the Phone permission. But now I just don't answer WhatsApp calls at all. If I get a missed call, I send them a pre-written message giving a brief explanation as to why I only enable WhatsApp to check messages once a day, then disable it again (something that is made possible/far easier thanks to GOS). I then give them multiple options to contact me on, that are far better for privacy, like Molly/Signal. If they can't be bothered then too bad.

      I know the example I gave above, isn't possible for everybody. I know there are people who have to use WhatsApp for their jobs and things like that.

      It just frustrates me how GOS has people upset with them because they haven't implemented every single perfect privacy preserving feature in the world yet so people can (in their minds) use seriously invasive apps but not have their privacy invaded at all.

      We need to just do our best to not use apps that insult our intelligence by forcing permissions on us in a transparent attempt to get more data from us...

      The clipboard control sounds very exciting, as do the other upcoming features!

      Thanks as always to the GOS team!

      Thank-You for the hard work that is done for GrapheneOS, staying focused on the priorities is key. This approach is much preferred over trying to focus on everyone else's wish list.

      GrapheneOS One of our top priorities for privacy is providing control over which apps can read clipboard contents set by other apps when they focused, etc.

      Sooooo Good to hear that.
      The USB port security and clipboard privacy are main reasons I switch to an alternative OS. Looks like GrapheneOS happen to fulfill both of them.

      • [deleted]

      • Edited

      The previous thread was deleted so I'm re-posting my question here

      Are there any other permissions say call logs or SMS, that could lead to the disclosure of sim phone number?

      Based on the @GrapheneOS 's previous post, it seems SMS permission will also lead to the disclosure of sim phone number as well

      Being able to make a carrier-based call implies being able to obtain the phone number, in the same way as sending a text message implies it. It's straightforward that it would simply give access to it directly too. Even if it didn't, it could be obtained by making a call.

        [deleted] The SMS and call log permission groups are regarded by Google as highly sensitive permissions.

        See:

        So yes, the call log and SMS permissions absolutely do allow the app access to your phone number.

        After all, the permissions give the app access to your call logs or your SMS messages, and both those logs contain your phone number within.

          I installed a banking app. When I launched it, initially it asked for the Phone permission, and if not given, it would refuse to work. Apparently, one of the permissions under it was CALL_PHONE, which has such a note (read the AOSP permissions manifest):

          An app holding this permission can also call carrier MMI codes to change settings such as call forwarding or call waiting preferences.

          This is just an expansion on what has been said before. My personal choice was to choose another bank that does not force me to accept this privacy unfriendly permission, even though calls by the app could be made without holding it.

          • [deleted]

          treequell and both those logs contain your phone number within

          The call log not only provides access to the incoming and outgoing numbers of the other party but also to the SIM card of the phone itself, I see.

          From your link

          Apps must be actively registered as the default SMS, Phone, or Assistant handler before prompting users to accept any of SMS or Call Log permissions.

          It's strange that the Phone permission prompt doesn't have such requirement, i.e must be actively registered as default SMS, Phone, or Assistant handler. This will eliminate those blocking phone permission prompt like in mysudo or whatsapp