GrapheneOS We have limited development resources and a lot of them need to be spent on maintaining what we already provide and porting to new Android releases. Since we continue to add more features and raise the bar for quality, we have increasingly reduced time for adding new features.

The more features you add, the more time you need to maintain and you need to port to newer android versions...a never-ending vicious circle that is becoming increasingly difficult.

That's why I agree, the features that are implemented should be well thought out and serve the majority rather than a minority

    GrapheneOS

    Thank you for this detailed post with helpful information and the insight into which features are currently being worked on.

      Thankyou for the detailed post and helpful information, this is informative and well communicated

      Thank you for the clear and honest communication. I am very grateful for your time put into this and I totally appreciate your efforts in developing the features you see fit for future releases. Using this amazing software is a privilege, not a right.

      Sadly WhatsApp doesn't allow a user to make or even receive voice calls without granting the Phone permission.

      I would love to use a different app but too many of my friends are using WhatsApp only.

      Is there a known workaround to avoid granting WhatsApp the Phone permission while still being able to make or receive voice calls?

        DeletedUser115
        maybe not the ideal solution, but have you tried to communicate via WA voice messages instead? initially i was skeptical, but offline communication made my responses much more measured and articulated. my travel phone sim is currently disconnected and is connected to GOS WA via add account feature and chat/voice messages work.

          GrapheneOS

          Thanks. Its sad to have clarified but i glad you did it. I always shocked to hear developers getting attacked or harassment.

          P.S. Its nice to get a bit of information on what is worked on. I am existed at leased and glad of the work of the team.

            GrapheneOS You guys have completely changed my life. As well as many members of my family and friend's lives, in a seriously massive way, by leading the charge and changing the game in the privacy and security world. All of this is given to us for free, which a surprising lot of people seem to forget and act as if they're entitled to something specific that they want without having even donated or contributed in any way.

            I used to get annoyed about how WhatsApp won't let you even make/answer calls without the Phone permission. But now I just don't answer WhatsApp calls at all. If I get a missed call, I send them a pre-written message giving a brief explanation as to why I only enable WhatsApp to check messages once a day, then disable it again (something that is made possible/far easier thanks to GOS). I then give them multiple options to contact me on, that are far better for privacy, like Molly/Signal. If they can't be bothered then too bad.

            I know the example I gave above, isn't possible for everybody. I know there are people who have to use WhatsApp for their jobs and things like that.

            It just frustrates me how GOS has people upset with them because they haven't implemented every single perfect privacy preserving feature in the world yet so people can (in their minds) use seriously invasive apps but not have their privacy invaded at all.

            We need to just do our best to not use apps that insult our intelligence by forcing permissions on us in a transparent attempt to get more data from us...

            The clipboard control sounds very exciting, as do the other upcoming features!

            Thanks as always to the GOS team!

              GrapheneOS One of our top priorities for privacy is providing control over which apps can read clipboard contents set by other apps when they focused, etc.

              Sooooo Good to hear that.
              The USB port security and clipboard privacy are main reasons I switch to an alternative OS. Looks like GrapheneOS happen to fulfill both of them.

                • [deleted]

                • Post #18
                • Edited

                The previous thread was deleted so I'm re-posting my question here

                Are there any other permissions say call logs or SMS, that could lead to the disclosure of sim phone number?

                Based on the @GrapheneOS 's previous post, it seems SMS permission will also lead to the disclosure of sim phone number as well

                Being able to make a carrier-based call implies being able to obtain the phone number, in the same way as sending a text message implies it. It's straightforward that it would simply give access to it directly too. Even if it didn't, it could be obtained by making a call.

                  [deleted] The SMS and call log permission groups are regarded by Google as highly sensitive permissions.

                  See:

                  So yes, the call log and SMS permissions absolutely do allow the app access to your phone number.

                  After all, the permissions give the app access to your call logs or your SMS messages, and both those logs contain your phone number within.

                      I installed a banking app. When I launched it, initially it asked for the Phone permission, and if not given, it would refuse to work. Apparently, one of the permissions under it was CALL_PHONE, which has such a note (read the AOSP permissions manifest):

                      An app holding this permission can also call carrier MMI codes to change settings such as call forwarding or call waiting preferences.

                      This is just an expansion on what has been said before. My personal choice was to choose another bank that does not force me to accept this privacy unfriendly permission, even though calls by the app could be made without holding it.

                      • [deleted]

                      • Post #21

                      treequell and both those logs contain your phone number within

                      The call log not only provides access to the incoming and outgoing numbers of the other party but also to the SIM card of the phone itself, I see.

                      From your link

                      Apps must be actively registered as the default SMS, Phone, or Assistant handler before prompting users to accept any of SMS or Call Log permissions.

                      It's strange that the Phone permission prompt doesn't have such requirement, i.e must be actively registered as default SMS, Phone, or Assistant handler. This will eliminate those blocking phone permission prompt like in mysudo or whatsapp

                        • [deleted]

                        • Post #22
                        • Edited

                        DeletedUser115 Is there a known workaround to avoid granting WhatsApp the Phone permission while still being able to make or receive voice calls?

                        My current workaround is to have an iPhone for any apps that requires phone/sms/call log permission. On iOS, no app is allowed to ever access sim card phone number/sms/call log regardless of what permission you give, absent of a jailbreak. https://developer.apple.com/forums/thread/16685

                          @[deleted] Your link is about third party iOS app's access to incoming sms, not about access to the phone number. So is there a real source that "On iOS, no app is allowed to ever access sim card phone number"?

                          @876fi I also had an android banking app (wallet) that asked for the phone permission. check https://discuss.grapheneos.org/d/14652-does-nfc-payment-apps-need-phone-permission I still got no explanation, why they keep asking for this permission.

                          @GrapheneOS Thanks for your statement.

                            DeletedUser59
                            Banking applications want this authorisation to protect against fraud.
                            When checking the IMEI of your phone, this authorisation allows you to be sure that it is really you and not a thief who has stolen your phone to get your money…

                            BTW: My bank app requires access to location and phone (device location, WLAN name and IMEI)
                            This app also works without these authorisations, but then without the extended account protection that my bank offers me when authorisations are granted.

                            The background to such requests for authorisations from banks is that everything now works with just one app and no really good additional protection such as a second device is required.
                            If such an app is successfully attacked, your money can be gone.
                            The bank saves itself the expense of separate devices and pays in the event of a loss if you have given the app authorisation and something happens anyway.

                            But: read your bank's terms and conditions and data protection regulations, because your bank may not protect you any better if you give their app all the authorisations.

                                Eagle_Owl Banking applications want this authorisation to protect against fraud.
                                When checking the IMEI of your phone, this authorisation allows you to be sure that it is really you and not a thief who has stolen your phone to get your money…

                                As per the post by DeletedUser59, starting with Android 10, apps are not allowed to access IMEIs. So if a bank is telling you that their app is protecting your account by reading IMEIs, they are blatantly lying to you.

                                Eagle_Owl When checking the IMEI of your phone, this authorisation allows you to be sure that it is really you and not a thief who has stolen your phone to get your money…

                                This does not make sense and if your bank is telling you this then they are again lying to you. An IMEI does not follow a person. If someone steals your phone, the IMEI does not change. There is no way that your bank is detecting that someone grabbed your phone and stole your device credentials based on an IMEI which their banking app cannot even access.