jinjal
The phone itself, i assume basically nothing except whoever's internet youre on or dns provider you use can see your phone looked up the website name "updates.grapheneos.com" or whatever for its system services andbupdates. Maybe your government can see or runs all DNS servers in your country. (Dns server changes a website word name into a number, ip address, that computers can use to find a server/service). The internet you're on cannot read encrypted traffic but they could see that your phone requested to know where to find grapheneos on the internet.
All depends on the apps you have installed. A chat app or social media app can contact their home server and they can save the IP address of the public WiFi and the time you were there.
If the government obtains this information from google, meta, discord, twitter, etc. The government could find out the address for this IP. Build a pattern for when you visit places. Be on the lookout for you there.
Using a vpn can be helpful for this.
Great site for comparisons:
https://thatoneprivacysite.xyz/
Click "vpn chart formulas" for info on what red, yellow, green means.
Keep in mind that the government could join a public or invite only online group (ask to join and be accepted in). Even come to you in person and say they want to join.
If using google play and apps from there, I'd only use it in a separate profile or private space but you'd have to be diligent in not having it run when you don't want or have a vpn killswitch (these 2 modes might not even honor the vpn or killswitch? Not sure).
Careful, there are many people that sound confident but have the wrong facts when it comes to technology, security, privacy.
userofgos avoid revealing that it's likely the same device as before
At the risk of being a jerk, this is misleading. This feature is basically useless for your usecase.
Yes, the coffee shop or whatever hotel, public WiFi cannot identify it is the same device. However, we aren't scared of Ronald mcdonald burger man coming after us.
As I mentioned, if your phone is on the WiFi and the google & meta apps say "heys guys what did I miss?" To the servers, That message gets sent with the IP address of the public WiFi's internet connection.
The government typically desires info from popular companies like meta, google, apple, twitter etc if they are going after some one. So google tells the government: this is what we know also he keeps connecting at these IP addresses. Then they use that for a physical address and timeframe to find you.
Sorry, I am not a security or privacy expert. A consultant could give you more info--if they have a bachelors or masters degree in the field.
I'd avoid big companies like google products and twitter if possible. WhatsApp could possibly read your "end to end encryption" messages. Signal is a good option but other people can install a modified signal app that keeps deleted messages and images--it doesnt respect the delete request.
Godspeed. You're a brave person.