Does GoS provide extra (or any) protection against stingray/dragnet equipment?
GOS and stingrays
GeorgeSoros It doesn't place trust in the network and doesn't even trust it to obtain the time like the stock OS. We strongly recommend using end-to-end encrypted messaging apps and avoiding carrier-based calls and texts so you're not trusting the network with them. We recommend only thinking about our 4G-only feature as an attack surface reduction feature and not treating it as providing any protection against interception which is not the purpose and it cannot do much to resolve how weak cellular encryption/authentication is for that purpose. Interception can also be done through the network itself by people with access to it or governments able to exert control over it. Lawful interception support is built into the design of cellular and there's little to stop any of it being abused for unlawful purposes too.
GrapheneOS thanks, so GoS would send back scrambled data to the device, or would the stingray device not receive anything since GOS doesn't trust the dragnet's network?
GeorgeSoros
No. A stingray would see exactly the same data that a regular cell tower would see. GrapheneOS would not be able tell the difference.
Probably9857 No. A stingray would see exactly the same data that a regular cell tower would see.
Then why did grapheneos say this: " It doesn't place trust in the network and doesn't even trust it to obtain the time like the stock OS."
Making it seem otherwise?
What's the truth?
GeorgeSoros
It doesn't trust the regular cell networks.
- Edited
GeorgeSoros Then why did grapheneos say this: " It doesn't place trust in the network and doesn't even trust it to obtain the time like the stock OS."
Well...I would have stated that a little differently.
GrapheneOS doesn't trust the network any more than necessary, while still giving you the ability to use the network if you choose to do so.
The fact is, that cellular networks are inherently insecure, and simply by connecting to it you are likely to be identifiable (unless you have very good opsec), you will definitely be trackable, and if you use voice calls or SMS your communications can be intercepted.
All of that is true, regardless of whether you are connecting to a stingray or a normal cell tower. The only difference is, "by whom?"
GeorgeSoros Then why did grapheneos say this: " It doesn't place trust in the network and doesn't even trust it to obtain the time like the stock OS."
That post contains other important material, including:
GrapheneOS We strongly recommend using end-to-end encrypted messaging apps and avoiding carrier-based calls and texts so you're not trusting the network with them.
...and:
GrapheneOS Lawful interception support is built into the design of cellular and there's little to stop any of it being abused for unlawful purposes too.
I would say that GrapheneOS tries to avoid placing trust in the cellular network, but does not stop users from using it and exposing themselves to the normal consequences of using it. Aside from cellular location tracking, the project is transparent about Wi-Fi calling detouring around Android VPNs. I also think the forum moderators have been repeatedly clear that the way to avoid normal cellular location tracking is to turn the cellular modem off via airplane mode.
A general "stingray defense" for cellular devices isn't feasible, so naturally GrapheneOS doesn't provide one (aside from turning the cellular modem off via airplane mode).