eSIM questions

tomgag

Can someone please clarify how eSIM support works on Graphene OS?

I have read the guide, where it says that you need Google services to activate eSIM support. But these comments seem to contradict the guide. Out of curiosity, I tried to enable the eSIM support in Settings > Network & internet from my Google-free Pixel 8. It rebooted, and it looks like the eSIM support is now available. Is the user guide obsolete in this sense maybe?

What my situation is now:

I use the Pixel as Google-free, single user for an identity Alice and a physical SIM for a phone number A.
I have another Android device with stock Android for a user Bob and physical SIM for a phone number B.

What I would like to do:

Convert Alice's SIM to eSIM. I have checked, my carrier allows this. But I don't want Google services on Alice's profile.
Create a new user profile for Bob on the Pixel, and install Google services (for Bob only).
Use interchangeably either Bob's old phone (in case I want to keep an eye on both user accounts and devices at the same time) or Bob's user on the Pixel (in case I want to carry only one phone with me) by swapping the physical SIM card when needed (Google will take care of syncing Bob's data).
Ideally, make sure that Alice's user on the Pixel only sees the eSIM but not the physical SIM, while Bob's user only sees the physical SIM but not the eSIM.
If the above is not possible, at least make sure that I can enable/disable SIM and eSIM separately for Alice's and Bob's profiles.

Basically, I want Alice to be reachable only at phone number A, and Bob be reachable only at phone number B.

You might ask, why bother with swapping the physical SIM? Because I think it's faster than having to re-provision the eSIM when I want to migrate Bob to the other device.

Do you think this might work?

de0u

tomgag I have read the guide, where it says that you need Google services to activate eSIM support. But these comments seem to contradict the guide.

Two different things are being discussed.

At present, eSIM management on GrapheneOS (such as adding an eSIM) requires some closed-source code written by Google to run. That code is not Play Services, doesn't require Play Services, and in fact is firewalled from Play Services if you have Play Services installed. The eSIM installation process for some carriers may involve an app provided by the carrier, which might share information about your device with anybody the carrier chooses (potentially including Google).

I believe the sources you cited are consistent with my description above and with each other.

tomgag

de0u Oh I see, thanks, that clarifies a lot!

Back to my plan, do you think it would work?

de0u

tomgag Back to my plan, do you think it would work?

I believe at present neither AOSP nor GrapheneOS support linking SIMs to specific user profiles. Also, I think there is only one contacts database, which secondary profiles can be allowed access to, or denied access to.

Overall I don't think the system is set up to do what you want, and I suspect it would take a fair amount of code.

tomgag

de0u OK thanks, this is interesting. I guess I could still make it work by enabling and disabling the SIMs when I switch users. But what you mention about the contact database is worrying, is there a way to confirm this information? Let's say that I do not give access to the database to the Google user. Does it mean that I cannot basically use any messaging/email app and Google won't sync my contacts there?

de0u

tomgag But what you mention about the contact database is worrying, is there a way to confirm this information?

It appears I misspoke. Instead of answering from memory, I just switched to a profile that has the "Turn on phone calls and SMS" slider enabled and launched the Contacts app, and it showed zero contacts. So it appears that the contacts database is cross-app but only within a profile.

iusegraphene

I added an eSIM to my Pixel 8a device, and now the OS won't let me delete it. Everytime I try to reset network settings, delete the eSIM, or turn off the eSIM the device tells me there was an error and to try restarting the device and try again.

Anyone have a similar experience?

de0u

iusegraphene Please start a new topic/thread to get support on the problem you are experiencing. This thread is about a user asking questions about how the system should behave in certain circumstances.

tomgag

de0u OK thanks a lot for checking, this is reassuring! So it sounds like I can do something similar to what I wanted, I just have to juggle with the SIMs manually.

tomgag

OK, I did some testing, and I found the following:

Setup: two different users (Owner and user B with phone calls/SMS enabled)
Contact database is not shared: user B does not see Owner's contacts, as reported by @de0u
However, call history and SMS is shared: B does see Owner's history

This is quite a bummer. If you want to use this user B for maximum separation for a Googe/invasive profile, this profile will still be able to sniff and collect data on all phone calls and SMS you receive. Even if you only allow phone/SMS sharing on occasion (e.g., on first setup, or when receiving an activation SMS), the invasive profile will get access to all the history, unless you first wipe it from the Owner profile. This might have been obvious to some skilled users, but it was not obvious to me, although on a second thought it makes sense, as the phone/SMS subsystem is separated from the OS itself.

I still think this limitation should be emphasised more when discussing user profiles separation. For me, this is a no-go. At this point, the only alternative for me if I want to set up an invasive account is to never share SMS/phone with it, and rely on VOIP for emulation instead.