Hi everyone,
I've been trying to wrap my head around how some apps manage to track me across different devices, OS reinstalls, and even between Android and iOS. Years ago, I used some social apps like Slowly and Tandem, and ever since, I’ve noticed that new accounts I make on fresh setups tend to get flagged very quickly — almost like they "know" it’s still me, even after changing phones, SIMs, and networks.
The only time I didn’t see this happen was when I used a de-Googled ROM with MicroG on an old Galaxy S9+. That made me wonder how much telemetry is being leaked through Google Play Services, especially via Firebase.
I’m now seriously considering switching to a Pixel device just to run GrapheneOS and gain better control and isolation. Before I make the jump, I wanted to ask:
With GrapheneOS and no Play Services installed, is Firebase-based tracking (or similar SDK-level fingerprinting) still a concern?
Can apps still access persistent identifiers like Wi-Fi MACs, device-level sensors, or anything else that might leak identity, even if I'm using separate user profiles or network restrictions?
Would it make sense to use additional tools like a firewall or DNS-level filtering (e.g., RethinkDNS or AdGuard) on top of GrapheneOS, or is that overkill?
Is there a reliable way to test what’s still being sent out? I’ve captured HAR files before but don’t know how to interpret them deeply.
My goal isn’t to evade bans or anything — I’m just trying to understand how deep the tracking goes, and whether GrapheneOS can help wipe that slate clean from a technical standpoint.
Thanks in advance to anyone who can help shed light on this.