What information can apps collect without specific permissions?

xnat834

A passage in the FAQs mentions:

Examples of the global OS configuration available to apps are time zone, network country code and other similar global settings."

I read a blog entry of German security researcher Mike Kuketz, who is also using GrapheneOS on his personal smartphone, which lists some information that the PayPal app collected during his tests, but it isn't clear whether this specific device used was set up with GrapheneOS and which permissions were given to the app.

Is there a list of all the information that apps can read without being given specific permissions on GrapheneOS? Which of the information mentioned in the blog post could be relevant and which not?

Example problem: Someone using a VPN in a separate profile might have their privacy reduced if an app can read the global time zone or network country code. It could also simply block the usage of the app if it finds a mismatch between the location that it determined from the user's IP address and the global time zone and other settings.

Thank you.

de0u

xnat834 Welcome!

An hour before you joined, this relevant post was made: https://discuss.grapheneos.org/d/15899-not-full-device-vpn-on-social-media-apps/2

It might make sense to read some posts from the past week or so.

doublefree

xnat834

It could also simply block the usage of the app if it finds a mismatch between the location that it determined from the user's IP address and the global time zone and other settings.

And block all travels?