GrapheneOS What best practices would you recommend for protection against SMS-based exploits?
This thread is mostly about protection against physical access, AFU and BFU... but it is my understanding that SMS-based attacks are becoming common, and - for many - a far greater risk.
It is my understanding that there is NO way to ONLY have calls and SMS in a secondary profile to avoid access to the owner profile with all its device-wide privileges. There is also NO way turn off mobile data in the owner profile and turn it on in a secondary profile. This is a security risk - much as I understand why it's like this.
I also noticed that once I grant the phone app mic permission for that one time, mic access stays ON, and I have to go into the menu again and turn it off. Isn't there a way to automatically turn off mic and cam access after a certain time? (like with wifi and bluetooth)? Or when I only grant it for a single time?
I recently set up a secondary profile without calls and SMS on my Pixel 4a (5G) in GOS, and a call got through to that profile asking for mic access. An SMS message did not, I only got a notification. How can I prevent that? It was the phone app in the owner profile that handled that call, as it did not appear in the call history in the secondary profile, and the phone app there has all permissions removed. As I said, calls are turned OFF in that secondary profile, and a call broke through from the owner profile, instead of me getting a notification about it.
Could you recommend solutions or work-arounds for the above?