tmwqjr What's definitely NOT OK is being chained to the same IMEI throughout the life of the phone. [...] I suspect the answer to this is "We can't do this because it's the property of the baseband module". To which my response is "How might we hope to obtain a phone with a noncompliant baseband module and an OS IMEI override function?"

I suspect that for the foreseeable future the most practical way for you to switch IMEIs will be buying a bunch of phones on eBay and rotating them. That's aside from the question of what government attention you might attract by having a stream of IMEIs at your location.

Another option might be an IMEI-free device such as the Pixel Tablet.

Bluetooth ID customization. I'm no expert on this, but it seems to me that Bluetooth entails a device descriptor string, a connection PIN, and a MAC. Being able to change all these would be helpful.

I believe changing your Bluetooth MAC would unpair you from all existing pairings. Is that your intent?

Overall I suspect some things on your list may happen within a few years (e.g., location spoofing) but some are genuinely unlikely within that time frame (changing IMEIs). Some might be advanced if you were in a position to dig into the code and provide patches.

    Re: IMEIs, from the GOS site:

    It is not possible to change the IMEI on a production device and GrapheneOS will never add support for this.

    https://grapheneos.org/usage#carrier-functionality

    I'd be interested to hear more about the hurdles that GOS faces regarding IMEI changes. What's the motivation for the use of the word "never"?

      Titan_M2 When I was a kid I found a phone that had been blacklisted. I took it to the phone repair shop and he said it had been blacklisted.

      When I asked if he could change the IMEI, he informed me that is what terrorists do, so basically if you are caught with a phone that has the wrong IMEI then you'll be classed as a terrorist.

        de0u You brought up a good point. I hadn't considered the IMSI, Titan_M2. Given that IMSI, ICCID, and MSISDN all travel with the SIM and not the phone, it seems like what we want is an IMEI that's a hash of the SIM data somehow, but with some fixups that make it plausible, i.e. a recent model-year popular phone brand. That way, when you pop in the same SIM, you get the same IMEI. That being said, if the GrapheneOS answer to dynamic IMEI is "never" (thanks zzz, I had not seen that note), then, yes, the best practical solution is to carry N phones obtained from random street vendors, and never switch between them within a small radius of time and space. Then use them purely as wifi hotspots for your actual GrapheneOS phone. This should protect you from cartel-level deanonymization (but it won't keep you private from first world intelligence services because they have way more information to leverage).

        As to Bluetooth, the more I think about it, the more I'm convinced that it's irrevocably insecure just like IMEI but worse, because even if you change the phone's ID or PIN, your Bluetooth-enabled headset or whatever still identifies itself in the same way. I assume by default that the world is loaded with devices that attempt to pair with whatever walks by, if only to extract a fingerprintable reply and thus map people to locations. Therefore perhaps it's less important to enable the alteration of the metadata on the phone itself.

        I'm not expert enough to provide patches, so unfortunately all I can do is sit here and beg for features. But I'm happy with that if the discussion eventually produces a net benefit to the innocent majority. I'm not blind to the fact that privacy tech benefits the bad guys, too. It's a lesser-of-evils tradeoff.

        L8437 As to having a "wrong" IMEI and being flagged as a terrorist, the above solution is a perfectly legit, if awkward, workaround (because even malware-laden used phones have original factory IMEIs). And even so, it's hard to see someone getting arrested for an IMEI hack, even if it's technically illegal. Well, maybe under some authoritarian regimes. The thing is, criminals are so sophisticated these days that you have to think like one just to protect yourself in certain jurisdictions. It's an information arms race with no compelling offramps.

        Changing IMEI in almost all threat models is security/privacy theater - even if you changed it, it doesn't slow down a knowledgeable actor from continually identifying you because there are several other identifiers in the cellular network that don't change.

        Changing IMEI leaves IMSI, phone number, ICCID, MSISDN the same. If you managed to change IMSI at the same time from something like PGPP then you still leave the rest untouched. If cellular network tracking is of your concern, GrapheneOS tells you in their guides to avoid it entirely or use Airplane Mode.

        Some services like Silent Link broadcast less information by using a foreign data provider on Roaming, but that would make you appear like you are a foreign user roaming instead.

        zzz What's the motivation for the use of the word "never"?

        Because the IMEI is burned into the (isolated) hardware and cannot be changed. In most cases changing the IMEI is only possible either by a reverse engineering process or an exploit on that hardware. Any 'IMEI change' Xposed module etc. is just changing the IMEI value that apps in the operating system see. It is extremely unlikely for an exploit like this to exist that doesn't end up being a cause for other security issues in that hardware. GrapheneOS will always patch firmware for security.

        There are cellular routers with IMEI change firmware (like what SRlabs have done with research: https://github.com/srlabs/blue-merle) but again, you'd need to constantly change SIM to actually make discovery difficult, which also comes with the costs of sourcing several SIMs.

        Only really old cellphones make up the majority of phones that have an exploited and reverse engineered baseband. OsmocomBB is an open-source GSM baseband firmware used to replace the firmware in old Motorola phones whose baseband processor's register-level instruction manual was leaked. It's not used for spoofing but rather for cellular network snooping and analysis.

        There are tons of "products" sold by unknown (probably criminal-oriented) organisations who try to sell products advertising privacy features and do not transparently disclose how their "security" works, which comes down to modding old, insecure garbage, or trying to focus on making communications with the cellular network 'secure', which simply is impossible because of how flawed the network is.

        The security-conscious avoid the network completely or use an implementation made to avoid trusting that network. Think about what people use instead of phones:

        High-security government communications run their own fixed networks to deploy phones instead: https://communications.sectra.com/product/mobile-communication-up-to-secret/

        If they use a cellular network, they use a solution that involves encrypting between the two phones:
        https://www.electrospaces.net/2012/06/highly-secure-mobile-phones.html

        Law enforcement uses encrypted radio systems like TETRA instead of phones: https://www.sigidwiki.com/wiki/Terrestrial_Trunked_Radio_(TETRA)

        UK Government use an Internet-based messaging service (WhatsApp, I know, terrible) instead of a cellular network: https://www.bbc.co.uk/news/uk-wales-65776560

        The Pixel Tablet has no cellular radio so you can have the GrapheneOS experience without this risk.

        I advise you to buy a Mudi 4G portable router and flash it with blue-merle:

        https://github.com/srlabs/blue-merle/issues

        It has IMEI randomization, and every time you put a new SIM card in it, it will change your IMEI. As other people have said, changing your IMEI without changing your IMSI (SIM card) is not good. So every time you change your IMEI, make sure to use a fresh new SIM card in it.

          7 months later

          de0u government attention you might attract by having a stream of IMEIs at your location.

          In reality this is not a concern in most situations, since it is totally common to have countless IMEIs connected to a tower from the same area, as all the service provider normally sees is how many and which IMEIs are connected within a 50-150m radius of a given base station (in cities there are multi-story buildings, so it means up to thousands at once...). Imagine smartphone repair shops, shopping malls, retail stores etc... 100k IMEIs a day on a single tower... if not more.

          Maybe in specific cases, in rural areas with 2 users on a tower, and if there is a targeted search for someone or something suspicious, they may notice like ten new IMEIs in the middle of the woods.... or if LE targets someone and triangulates the target (not in the middle of a shopping mall or a 100 home condo tower...) then they may find it sus if dozens of new IMEIs pop up at the same location that they are actively monitoring 24/7.

          What might actually be sus is when a sus target changes IMEI or IMSI "too frequently", but even in this case the target was already sus and monitored to begin with :) So it just becomes twice as sus :D GSM shops use the same SIM for over a year for thousands of devices (IMEIs) for testing... but LE is not breaking their doors.


            easthvan GSM shops use the same SIM for over a year for thousands of devices (IMEIs) for testing... but LE is not breaking their doors.

            Good point!

            I have a question about VOLTE and VOWifi.

            Afaik you have a permanent VPN connection to the provider. When using regular phone network, there would be no connection in airplane mode.

            If primary idea is to avoid connecting to the provider, should one not use VOWifi?

            And this is useless (for this purpose, not for security which is probably better as less connection is done over insecure protocols) when using cell data internet probably, right?

            a year later

            Hathaway_Noa What kind of IMEI would this software generate? The first few digits or so stand for the device manufacturer or the device model. Anyway, it's device specific. A GL.iNet Mudi V2 would ship with an IMEI associated with GL.iNet. Will this software create an IMEI that is also related to GL.iNet? Or will it be random? And: even if it's possible to change the IMEI and IMSI, aren't there an ocean full of other things to keep in mind in order to not be flagged as a person who changed his IMEI? Aren't there way more things that make you stick out from the crowd (from an ISP/network analysis perspective) if you change your IMEI this way?
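Added example (not code from this thread, from GrapheneOS or from blue-merle) for two points raised above: Hathaway_Noa's question about which part of an IMEI identifies the device model, and de0u's earlier idea of an IMEI "with some fixups that make it plausible". An IMEI is 15 digits: an 8-digit Type Allocation Code (TAC, whose first two digits are the Reporting Body Identifier of the allocating body) that identifies the handset model, a 6-digit manufacturer serial, and a Luhn check digit. The code below only parses and validates that format and composes a well-formed string from a TAC and serial; it does not touch any radio and does not include the GSMA TAC database, so it cannot tell you whether a TAC maps to a real model. The TAC 35000000 and serial 123456 in the usage section are constructed sample values, not a real allocation; 490154203237518 is the widely published example IMEI used in the standards literature.

```python
"""Structure and check digit of a 15-digit IMEI (added example)."""
import re


def luhn_check_digit(payload: str) -> int:
    """Luhn check digit for a 14-digit IMEI payload (TAC + serial).

    Walking from the right, every other digit starting with the rightmost
    is doubled (results above 9 have 9 subtracted); the check digit is
    whatever brings the total to a multiple of ten.
    """
    if not (payload.isdigit() and len(payload) == 14):
        raise ValueError("payload must be 14 digits")
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def is_valid_imei(imei: str) -> bool:
    """True if imei is exactly 15 digits and its last digit is the correct Luhn check."""
    if not re.fullmatch(r"\d{15}", imei):
        return False
    return luhn_check_digit(imei[:14]) == int(imei[14])


def parse_imei(imei: str) -> dict:
    """Split a well-formed IMEI into its fields.

    reporting_body: first 2 digits (who allocated the TAC)
    tac:            first 8 digits (Type Allocation Code, i.e. the model)
    serial:         next 6 digits (per-unit, assigned by the manufacturer)
    check:          final Luhn digit
    """
    if not is_valid_imei(imei):
        raise ValueError(f"not a well-formed IMEI: {imei!r}")
    return {
        "reporting_body": imei[:2],
        "tac": imei[:8],
        "serial": imei[8:14],
        "check": int(imei[14]),
    }


def make_imei(tac: str, serial: str) -> str:
    """Compose a format-valid IMEI from an 8-digit TAC and a 6-digit serial.

    Only the format is handled here: whether the TAC belongs to any real
    device model is a question for the GSMA TAC database, not this code.
    """
    if not (tac.isdigit() and len(tac) == 8):
        raise ValueError("tac must be 8 digits")
    if not (serial.isdigit() and len(serial) == 6):
        raise ValueError("serial must be 6 digits")
    payload = tac + serial
    return payload + str(luhn_check_digit(payload))


if __name__ == "__main__":
    # Constructed sample values, not a real allocation.
    sample = make_imei("35000000", "123456")
    print(sample, parse_imei(sample))
    # Changing a single serial digit without recomputing the check digit
    # yields a string that fails validation.
    corrupted = sample[:13] + "9" + sample[14]
    print(corrupted, is_valid_imei(corrupted))
```

The practical takeaway for the question above: a randomly chosen 15-digit string is not "plausible" on two counts, since it fails the Luhn check nine times out of ten and its TAC usually matches no allocated model, whereas a value built from a real TAC plus a fresh serial looks like a different unit of the same model. Which of those blue-merle produces is something to check in its source rather than assume.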