Pixel 9 Pro XL phones home every few minutes. How affected is GrapheneOS?

n3t_admin

moddel unless you install Play Services, there will not be any such connections to Google.
However, once Play Services is installed, I assume that whatever the sandbox allows access to (from this list)

The phone also requests a ‘check-in’ endpoint around every 40 minutes, listing low-level features enabled on the phone, such as the firmware version, whether connected to WiFi or using mobile data, the SIM card Carrier, and the user’s email address.

will be reported back to Google, like on the stock PixelOS. I don't know the specifics of what Play Services can or can not access by being sandboxed; that needs to be elaborated on by someone with more knowledge.
The other data points are not likely to be exploited/connections to be made, since corresponding system apps don't exist on GOS (independent of Play Services).

moddel

n3t_admin
https://discuss.grapheneos.org/d/16334-mental-outlaw-shilling-false-cybernews-article

I agree that most of it appears as though it would need google play services. For example the article mentions that email is one of the personal identifiers that is leaked but all of it?

GrapheneOS doesn't replace every layer of software on the device. There is still a lot of google code, drivers, blobs etc. and even an entire baseband OS for Google's custom soc hardware, all of which could potentially leak and phone home to Google. How many of those connection could potentially be still an issue with GrapheneOS, has anyone tested the specific claims of the article against a pixel 9 device?

moddel

n3t_admin However, once Play Services is installed,

Agreed, Let's assume that Play services are not installed. Which of the points in this article seem like they could be coming from services or software not reliant on Google Play services. Any of them?

moddel

Lion
Yes I have read the entire FAQ and everything else on the GrapheneOS website. I still have the questions I have raised. This is why I started the discussion

de0u

moddel Yes I have read the entire FAQ and everything else on the GrapheneOS website. I still have the questions I have raised. This is why I started the discussion.

If the "Cyber News" article seems like a plausible information source, and the GrapheneOS FAQ's inventory of network traffic does not seem like a plausible information source, one approach might be for you to connect a Pixel device running GrapheneOS to a router you control and analyze the logs to your own satisfaction. And maybe also connect up a Samsung device!

n3t_admin

moddel as I wrote before

unless you install Play Services, there will not be any such connections to Google.

that is a very clear and definitive answer. Someone above already linked the FAQ about default connections in GrapheneOS. Those are what I observed myself as well.

moddel

n3t_admin that is a very clear and definitive answer. Someone above already linked the FAQ about default connections in GrapheneOS. Those are what I observed myself as well.

This is good to hear. How did you observe the outgoing connections?

grayway2

moddel There is no telemetry at all in GrapheneOS. The only real private thing that is collected is your IP address during a couple days then purged from GrapheneOS servers (when your phone perform updates or install let's say sandbox playstore)

GrapheneOS does not store your IP address in the purpose to collect it. It's just an automatic thing.

Eagle_Owl

moddel
Normal behaviour of an Android phone with Android OS installed. Nothing new.
Many telemetry data can be blocked by using a DNS resolver with integrated filter lists.
No app solution needs to be installed for this (such filter apps are all very energy-intensive).

A service such as NextDNS is sufficient (everything can be controlled via the browser on the large desktop monitor).
On the Pixel phone, this will be realised via the Internet settings, see Settings/Network & Internet/Private DNS.
This is where you copy the text string that was generated for you on the NextDNS settings page.

However, it can also be even simpler with a service such as dnsforge.de.
They have three versions of filter lists (Ad blocker / Ad blocker & Youth protection / Ad blocker and hard block list).
This is a German-based free service (donations are welcome).

And of course you replace this otherwise almost uncontrollable Android OS from Google with the one from Graphene!
This doesn't necessarily mean that you have to do without apps from Google's Play Store, but you can.
In this way, you can deny any app access to the Internet.

In NextDNS, I can see which domains have been resolved and which have been blocked at any time in the ‘Statistics’ tab.
Anyone using a Pixel phone with GrapheneOS can see that not much telemetry data is transmitted and that this is only desired data from/to GOS servers.

de0u

moddel The original question stands, has anyone actually tested GrapheneOS on a pixel 9 device and analyzed all outgoing attempts to phone home to Google's servers?

A key point of the official GrapheneOS account is that most of the described network traffic has nothing to do with Pixel devices and is part of normal traffic by normal vendor distributions of Android, e.g., Samsung, Sony, etc.

If "Cyber News" is in the business of posting articles about network traffic by Pixel devices running Google's Android, perhaps it would be responsible for them to also investigate network traffic from Samsung devices running Samsung's Android. And, since GrapheneOS is free and easy to install, perhaps it would be responsible for "Cyber News" to report on network traffic from a Pixel running GrapheneOS.

moddel

de0u f the "Cyber News" article seems like a plausible information source
Plausible or not they gave specifics, which as far as I have seen have not been specifically addressed.
and the GrapheneOS FAQ's inventory of network traffic does not seem like a plausible information source,
Who said this, you? Certainly not me? In fact I specifically said that I read it all, which I did. I did not comment on the plausibility of the information.

de0u one approach might be for you to connect a Pixel device running GrapheneOS to a router you control and analyze the logs to your own satisfaction.

This is exactly what I am asking, has anyone actually attempted to verify the claims of this article. All I see are vague comments and users attacking the credibility of the website or the journalist. If Graphene actually fixes the issues discussed in this article then the Graphene community missed a huge opportunity to prompt itself as a solution.

What you propose is exactly how I would envision testing these issues. I do not own a Pixel 9 device. Considering Pixels future, the only reason I can think of buying one is to run GrapheneOS.

de0u And maybe also connect up a Samsung device!

I don't see what relevance Samsung devices or Apple devices or any other devices have to this discussion. The questions specifically here is, are any of the data leaking behavior discussed in the article pertaining to Pixel 9 devices relevant to a Pixel device running GrapheneOS. Is the documentation that lists all of the connection up to date? Is there anything specific on the Pixel 9 that can leak this info at a lower level?

de0u

de0u If the "Cyber News" article seems like a plausible information source [...]

moddel Plausible or not they gave specifics, which as far as I have seen have not been specifically addressed.

The GrapheneOS FAQ also lists "specifics" (quite a few). I believe some of them (e.g., GNSS PSDS connections) do not appear in the "Cyber News" article.

de0u [...] and the GrapheneOS FAQ's inventory of network traffic does not seem like a plausible information source [...]

moddel Who said this, you? Certainly not me? In fact I specifically said that I read it all, which I did. I did not comment on the plausibility of the information.

If the "Cyber News" claims about network traffic from a stock Pixel are relevant to a Pixel running GrapheneOS, then the claims in the GrapheneOS FAQ are inaccurate. If the claims in the GrapheneOS FAQ are accurate then the observations in the "Cyber News" article about network traffic from a stock Pixel are irrelevant to Pixels running GrapheneOS (regardless of the number of "specifics" in the "Cyber News" article). The original post asked "Which of these leaks is GrapheneOS susceptible to?". It did not ask "Is this article accurate?".

It appears that you are doing a substantial amount of research while considering running GrapheneOS on a Pixel. Actually running GrapheneOS on a device containing personal data will, to some extent, require a "leap of faith" in the GrapheneOS development team -- even though the code for most of the stack is open, it's impractical for anybody to review all of it.

Placing trust in the GrapheneOS team (and hence their inventory of network connections) may not immediately seem warranted. But it may also be useful to be careful about placing trust in news organs. Hopefully if "Cyber News" doesn't address "specifics" that the GrapheneOS FAQ does, that results in scrutiny of "Cyber News"?

locked

de0u one useful software for this might be inviZible. You can set up a profile specifically for this testing . it should be ran in VPN mode, and then you will be able to see all the DNS requests by specific apps, should be interesting. I think i may try this, however, I have a P8 with GOS. Also, just in case there is traffic that is not encapsulated through the VPN, It might be wise also to run another test routing network traffic through a computer and monitoring everything on WireShark or even simpler program that logs all DNS requests.

n3t_admin

moddel mostly through RethinkDNS. I also have a firewall set up at home where I can (and do) monitor traffic.

matchboxbananasynergy

All that needed to be said about this article has already been said. GrapheneOS won't promote itself based on lies and misinformation. We'll leave that up to others. The article is sensationalist at best, harmful at worst.