Hey team,
I’ve tested multiple Pixel devices (Pixel 6a and 8a), all brand new and straight out of the box. I performed clean installs of GrapheneOS v16.0.0 using:
• Fresh laptops (clean OS, no prior Graphene activity)
• Different ISPs
• Web installer via https://grapheneos.org/install/web
• Auditor confirms verified boot, factory keys, high security level, and official signed releases
• USB debugging, OEM unlocking, and accessibility services are all disabled after install
⸻
Issue:
After flashing and setting up a new user profile (non-owner), I noticed that the built-in shell app appears under App Permissions with the following permissions already allowed and non-revocable:
• Calendar
• Call logs
• Camera
• Contacts
• Health, fitness and wellness
• Location (Allowed all the time)
• Microphone
• Nearby devices
• Network
• Notifications
• Phone
These cannot be disabled. Attempting to tap into the permission toggles gives a message like “Device requires this permission to operate.”
This is reproducible across multiple fresh devices, laptops, ISPs, and user profiles — even after:
• Factory resetting the phone
• Flashing from scratch using different laptops
• Creating new user accounts
⸻
Concerns:
• Is this expected behavior for the shell UID/system process?
• Is it a UI bug or a permission visibility regression introduced in Android 14 / GOS 16?
• If not expected, could this represent a misconfiguration or unintended exposure of system-level permissions?
• What implications (if any) does this have for security or potential access to sensors?
Happy to provide shell logs, screenshots, or additional Auditor output if needed.
Thank you for your work and time!