The question from OPs post in this thread:

Does GOS airplane mode completely disable e911 tracking? I don't mean user calling them, but them using e911 pings/capabilities as a means to track YOU.

other8026 From that linked answer:

By making an emergency call, you're explicitly asking to disable airplane mode. If you don't want to make an emergency call, don't make an emergency call.

I think the question asked in this thread is different from the answer linked in that other thread.

OP's assumptions in this thread are:
Airplane mode is on
No outgoing calls from the users device
Can triangulation via e911 still occur?

The answer linked in another thread is assuming that the device is "making an emergency call", but that's not the case for the question asked in this thread.

I think OP got confused and made some mistakes in the last thread.
But the question asked in this thread is better formulated IMO.

I can see why this could be important to know for some threat models.

  • de0u replied to this.

      zzz OP's assumptions in this thread are:
      Airplane mode is on
      No outgoing calls from the users device
      Can triangulation via e911 still occur?

      [...]

      I can see why this could be important to know for some threat models.

      I believe it is addressed by a FAQ entry on the project web site: https://grapheneos.org/faq#cellular-tracking

      • zzz replied to this.
      • zzz likes this.

          de0u

          Thanks for that

          I think this would be most relevant quote from the website's documentation:

          Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio.

          That should directly address OP's question.

          I think the only final point of clarification would be to name the 911 services explicitly -

          does Airplane mode fully disable emergency 911 transmit/receive, in addition to the other kinds mentioned in the documentation (transmit/receive from the carrier or carrier impersonators)?

              zzz I think the only final point of clarification would be to name the 911 services explicitly -

              does Airplane mode fully disable emergency 911 transmit/receive, in addition to the other kinds mentioned in the documentation (transmit/receive from the carrier or carrier impersonators)?

              I think "fully disable the cellular radio transmit and receive capabilities" should do it, no? If the radio is neither receiving nor transmitting, what would the E911 threat vector be?

                  zzz if '911 services' make use of the cellular radio, which i can't say for certain as i didn't research the implementation of emergency services, but i assume with high certainity it is using the cellular radio.

                  Then what is stated in the faq, how its currently written, if using cellular radio, would mean '911 services' can't transmit/receive.

                  I'm no software engineer, so i could somehow understand a certain 'paranoia' (for lack of better term in my english vocubalary) for a software 'killswitch'/airplane mode. But i do trust the software engineers of this project if they state so. A phone with a hardware killswitch for the radios may be more tailored to op if he wants to be 100% certain.

                  Alternatively a high quality faraday bag would accomplish the same as a hardware killswitch.

                  • de0u replied to this.

                      de0u
                      Agreed, its enough for me personally as well.
                      I am able and willing to extrapolate and connect the dots that way and feel satisfied.

                      Still, IMO, this thread could be slightly improved by an official source explicitly mentioning that emergency 911 services is another other party whose tracking is mitigated by airplane mode.
                      (in addition to carriers and carrier impersonators already mentioned in the docs)

                      Not necessary for me or even for most people, but perhaps still useful for others with deeper fears / less immersion in the subject like OP and others.

                      The less extrapolation / thinking is needed from the reader, the easier it will be for OP and others to feel satisfied and move on from this topic (I hope).

                        de0u I think "fully disable the cellular radio transmit and receive capabilities" should do it, no? If the radio is neither receiving nor transmitting, what would the E911 threat vector be?

                        When I was still using the standard Pixel OS, it was clearly stated that receiving and transmitting emergency numbers, police, fire etc bypasses airplane mode, this is expected behavior and I don't expect it to be any different on GrapheneOS, unless there is a change in the overall design of which I am unaware. This is also supposed to work without a SIM card.

                          r134a A phone with a hardware killswitch for the radios may be more tailored to op if he wants to be 100% certain.

                          Perhaps. How does one verify that a "hardware killswitch" works? By no means am I suggesting that any particular device's "hardware killswitch" doesn't work! My question (also above de0u) is what the standard of evidence is.

                          Is some statement in the FAQ section of the GrapheneOS web site enough, or not? If the existing statement were made a little longer, to go beyond "no transmitting or receiving", to explicitly mention E911, would that be enough? Would it be necessary to add another explicit statement about "Type 0 silent SMS"? What if the GrapheneOS Foundation (hypothetically!!) were to hire an RF engineer to write a report -- would that be enough?

                          I think it would be beneficial, given the history of similar questions from the OP, for the OP to state what a convincing answer to the question would be.

                                de0u it probably can be verified by checking physically if the killswitch disables power to the radio, just as in the same way it can be verified by looking thru the code, or trusting the ones who coded it as stated in the faq.

                                For me at least it is verified by reading the faq, i assume it isn't for op, so i proposed 2 alternative options since all 3 accomplish essentially the same, but the software implementation could in theory be bypassed if the device got compromised.

                                A hardware killswitch or even faradaybag could get bypassed aswell, but would need to be physically compromised.

                                I am curious aswell on what would be a convincing answer for op. I for sure wouldn't mind a report from an rf engineer.

                                • de0u replied to this.

                                    de0u

                                    I think it would be beneficial, given the history of similar questions from the OP, for the OP to state what a convincing answer to the question would be.

                                    From earlier:

                                    de0u What would count as a convincing answer?

                                    GeorgeSoros just a clear open full answer to the specifics of the qn.

                                    Of course, I can't speak for OP.
                                    But for me:

                                    I think the official documentation cited earlier counts as 95-99% of a complete answer to the question:

                                    zzz "Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio."

                                    For the remaining 1-5% of the answer, I think this would address it, if it did come from an official source:

                                    de0u If the existing [official] statement were made a little longer, to go beyond "no transmitting or receiving", to explicitly mention E911, would that be enough?

                                    I still think it would help some folks combat their fears and overcome knowledge gaps if E911 could be clarified this way officially.
                                    As frustrating as it has been to deal with OP's posts and etiquette, I still think the core question and desire for clarification with respect to airplane mode and E911 is valid.

                                              r134a it probably can be verified by checking physically if the killswitch disables power to the radio

                                              In practice this might be harder than it might sound like it would be.

                                              Again, not to be a conspiracy theorist, but if there is a little bank of DIP switches inside a phone, or "hardware killswitches" carried outside the case, what exactly do they connect to? One might want to make sure the "hardware killswitches" aren't just GPIO inputs to some microcontroller responsible for managing power distribution to various things on the motherboard. One might also be curious about whether chips can accidentally draw enough power parasitically to operate to some extent.

                                              My point is that "100% certain" is not that easy to get. "Hardware killswitches" are not magically a "100% certain" answer.

                                              Some people wanting to be "certain enough" that some piece of hardware isn't running inside a modern densely-packed phone might need to hire somebody with genuine hardware expertise. Other people might be satisfied by a statement on a project web site that says neither transmitting nor receiving happens in certain circumstances. It's fine for different people to set different privacy goals and to follow different paths toward privacy goals.

                                              At this point it would probably be productive for the OP to state exactly what would be accepted as a convincing answer. Perhaps the GrapheneOS project is in a position to provide that, perhaps not. Perhaps the OP might personally hire an RF engineer. There may well be people out there who face threats so complicated and dire that they should hire a security consultant, because accepting assurances from anonymous people on an online forum would be unwise.

                                                Many people have said over the years Airplane mode doesn't really turn everything off. Most fearful people never trusted a regular cell phone in airplane mode with a battery still in it, or even with the main battety pulled out, since some power sometimes still resides on the board, unless they are using a burner phone they intend to throw away.

                                                Now Graphene OS indicates "airplane turns off everything" and we as users have no way to measure and test that.

                                                The fear of the original poster is shared by many and a longer response going into more depth would probably be enough.

                                                No one thinks the developers of GOS are stupid or don't know what they are doing and would accidentally mess up. At the core of this is whether GOS could mitigate against big data tracking but be somehow allowing emergency tracking because they think it's the morally correct thing to do. We all know about Atom and other honeypots. Most fearful users think GOS is likely not a honeypot. The code is open, there are hardened features, but many of us know that adversaries are not stupid and can use extreme deception. It is not distrust of GOS but distrust of adversaries who are cunning.

                                                Many have noticed the intense and negative response fearful users of GOS get when asking questions about these fears, much of which involves claiming users are spreading misinformation. I don't know whether the responses are because the developers have put so much time effort and energy into GOS that they are genuinely offended when someone says something stupid or inaccurate or whether it's an effort to control how people perceive things to directvaway from such questions. I would guess it's because of how much work GOS developers do. There are constant updates and improvements and it must involve tremendous effort and to read ignorant posts may be displeasing.

                                                But from the perspective of a fearful user, the original post had a good question and instead of reacting in a normal way ("the user is still scared after the documentation answer so more depth is needed. Let's discuss this") instead the response is diverting "what exactly is proof and what are you looking for" which derails things into semantic inquiries.

                                                Do normal Android phones turn off all cellular telemtry in airplane mode? I have heard over and over again that such things are not true and pings still occur but just much less frequently. Is GOS dev position that this is misinformation or that GOS is somehow different?

                                                • de0u replied to this.

                                                  "Connecting to your carrier's network inherently depends on you identifying yourself to it and anyone able to obtain administrative access. Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device."
                                                  https://grapheneos.org/faq

                                                  Respectfully, GOS devs don't have to answer fearful users differently than other users. This has been answered numerous times and is on their FAQ. Either accept the answer or don't, but don't expect a different answer.

                                                    angela Many people have said over the years Airplane mode doesn't really turn everything off.

                                                    To be clear, on modern phones with Wi-Fi, airplane mode often does not turn Wi-Fi off. It also may well not turn Bluetooth off. I suspect it does not turn NFC off. So a claim that "Airplane mode doesn't really turn everything off" is true and easy to verify.

                                                    Also, to be clear, there are fairly-credible reports that in the past malware has been manually implanted on individual phones to transmit audio when a phone appears to be off (source). Once piece of good news is that GrapheneOS has pretty good resistance to persistent malware, which means that rebooting has a high likelihood of removing malware from a device running GrapheneOS. That said, somebody concerned about being individually targeted by state actors should seriously consider getting expert advice from a professional security consultant (as opposed to YouTube videos or forum posts by anonymous users).

                                                    I absolutely agree that most GrapheneOS users don't personally have the training to measure whether or not a cellular transceiver is receiving or transmitting. Each user needs to find some way to decide what to trust. Some users may choose to trust what's already on the project web page. Other users might not trust anybody except for an expert they personally hire.

                                                    angela Now Graphene OS indicates "airplane turns off everything" and we as users have no way to measure and test that.

                                                    I think the FAQ entry on the GrapheneOS web site claims something much more precise: "Activating airplane mode will fully disable the cellular radio transmit and receive capabilities".

                                                    angela Do normal Android phones turn off all cellular telemtry in airplane mode? I have heard over and over again that such things are not true and pings still occur but just much less frequently.

                                                    There are probably hundreds of models of phone in circulation today. I don't know which would be considered "normal Android phones", or how to support a claim about what all of them do or don't do in airplane mode.

                                                    I think the GrapheneOS web site intends to limit the claim about cellular activity in airplane mode to Google Pixel devices that GrapheneOS runs on. I also think that on the GrapheneOS user forum it might be best to focus on any potential evidence that for Google Pixel phones in airplane mode "pings still occur but just much less frequently". If no evidence can be presented, some people might choose to accept the clear statement (no transmit, no receive) on the project's FAQ page. Other people might choose to hire an expert who they feel they could trust.

                                                    Or, I suspect, 90% of GrapheneOS users live under 50 miles from a university with an electrical engineering department. These days many electrical engineering departments have enough equipment to scan for emissions in various cellular bands. So it might be possible to obtain an expert opinion for free.

                                                    Some alarming claims about cellular-network surveillance are alarming and can be supported by evidence. Other claims are alarming, and could be measured, but are circulated without evidence. That seems irresponsible, because circulating alarming claims without evidence has a tendency to alarm people. The responsible thing would be to do the measuring so the alarming claim could be circulated with evidence.

                                                    Without personal expertise it's hard to know what to make of claims found online. But there are things that can be done. One thing is to collect the claims and ask a nearby person who does have expertise. If one encounters a claim that "pings still occur but just much less frequently", one could ask somebody who repairs cellular phones for a living if that person has observed that phenomenon, or ask an RF engineer to check whether it happens for one's personal phone. None of us can be an expert on everything, but all of us can consult an expert we feel can be trusted. It is not necessary to just live in fear.

                                                          Exhort14 Fair enough

                                                          I took a moment to search a new keyword on the forum that I hadn't thought to try before ("E911") and found this post from a mod:
                                                          https://discuss.grapheneos.org/d/9175-e911-remote-activation/2

                                                          [...] you should assume that your cellular network provider can track your location at all times. The only way to prevent that is by enabling airplane mode.

                                                          Therefore, enabling airplane mode would also protect you against the form of tracking you specify. [E911]

                                                          Especially now that I've seen a moderator confirm about using airplane mode with E911 specifically, I'm fully satisfied and agree with you.

                                                          For me, it was originally just a semantics quibble.
                                                          Turns out all along it was just a matter of finding the link to the right post with confirmation about terminology... and moving on.

                                                              zzz I took a moment to search a new keyword on the forum that I hadn't thought to try before ("E911") and found this post from a mod:
                                                              https://discuss.grapheneos.org/d/9175-e911-remote-activation/2

                                                              Not sure how this settles it for you, as the mod in this link explicitly goes on to say he's happy to have others correct him, which then happened.

                                                              Then the OP in the link you cited wrote this:

                                                              "So GrapheneOS retains and allows the remote activation of e911 even without dialing 911? That is surprising I wonder if it's for legal reasons".

                                                              Then no one provided any clarification, even after another poster said she too wanted to hear the answer. That's how the thread ended.

                                                              Hence my effort to get final resolution.

                                                                GeorgeSoros

                                                                A little late but to try to elaborate that point, i think it is actually possible.

                                                                Keep in mind i'm no expert at all, but i played around a little bit with a hackrf, and was able to sniff a cell tower (GSM) and see which "imsi adresses" are connected to it, and their signalstrength relative to my hackrf or celltower (not sure anymore, been a while).

                                                                A very short analogy is that an imsi number can kinda be compared to a macaddress as a unique identifier, and it is stored on your simcard. I think it can't be spoofed unlike mac address, atleast not as easily. I don't know where u from, but in Europe u can't buy a simcard legally without id. This means an imsi number in europe is tied to a identity.

                                                                If there are parties that have the capabilities to track your location, i'm almost certain they could find out what floor your on. I don't know in the first place if "height" could be determined by triangulation with cell towers, but if it wasn't they probably can do it on the location itself.

                                                                If i knew your location and imsi number, and to which cell tower u are connected, i think i can locate your floor just with my laptop and a sdr, but in a sloppy manner, trying to narrow it down based on signal strength and actually starting my way up from ground (given i have acces to the building)

                                                                I can imagine these parties have way more resources, and experience...

                                                                Possibly they could have more of a stingray like device which they could use on location. Maybe even on a drone if they don't have acces to that building, who knows...

                                                                    r134a i think it is actually possible.

                                                                    Precisely. Your explanation makes sense.

                                                                    This is why it's not correct to say this has been completely addressed. It's a legitimate concern.

                                                                      Airplane mode works. If airplane mode is on, it's not possible for anyone to remotely trigger the phone to enter an emergency mode. As many people have already said, if all the radios are off, nothing is going to communicate with the phone. So, in that case, don't call an emergency number from the phone.

                                                                      It was suggested that maybe wifi calling can be a way around airplane mode... I looked through the code and it doesn't look like incoming calls from emergency numbers would trigger the phone to go into an emergency mode.

                                                                      Honestly, if you don't trust the police or your mobile provider but need access to the internet via wifi, enable airplane mode, disable or take out the SIM card, then connect to wifi.

                                                                      Edit: forgot to also say disable wifi calling if desired.