Another part to add in that I missed is how user profiles could potentially play a role with all of this.
I'm pretty much thinking about going with no SIM/airplane mode and doing WiFi only for it, but still curious on other thoughts to consider.
On stock Android, your IMEI is sent to Google when you connect to the internet (before you sign in to a Google account).
On GrapheneOS, sandboxed Google Play does not have access to your IMEI. If you use an eSIM, a privileged Google app has access to your IMEI.
If you use Google Fi, Google has access to your IMEI.
https://grapheneos.org/faq#hardware-identifiers
Google will get your IMEI in order for you to install GOS, but the good news is that Google will not know who this IMEI belongs to (if you don't give them the info voluntarily). Other hardware identifiers are not transmitted, but cgro0550 makes a good point about canvas fingerprinting here which will probably interest you.
Btw. it's advised that you do the OEM unlocking on a public WiFi somewhat far away from your home location so Google doesn't get ahold of your IP or other identifiers.
Oh if you change the Google Fi account, you should also change the device and vice versa if you don't want Google to instantly connect the 2. It's a very uncomfortable threat model and you should make sure that hiding your identity from Google is really that important to you (compared to sharing no or limited private data with Google which is easy to achieve in GOS). This video might be interesting regarding being anonymous with GOS, it does a good job presenting the difficulties.
L8437 the official Google eSIM app is included with GrapheneOS and disabled by default. It is a privileged app and has access to hardware identifiers, such as the phone's IMEI.
In the future the project wants to release their own eSIM app.
Discussions of eSIM.
https://discuss.grapheneos.org/d/421-privileged-esim-management-concerns
https://discuss.grapheneos.org/d/5303-esim-privacy-questions
What about WiFi networks and such? Does sensors grant this access (i.e. disable sensors access to block it)? Kind of need to be able to connect to a network somehow, and wired isn't always feasible. Hotspot would be the best for mobile, second to public hotspots at public places (ex. coffee shops, stores, etc.).
Dubz No, disabling the sensors permission does not block WiFi connections. Please refer to the Features page for info about what the sensors permission does:
Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions (Camera, Microphone, Body Sensors, Activity Recognition) including an accelerometer, gyroscope, compass, barometer, thermometer and any other sensors present on a given device. When access is disabled, apps receive zeroed data when they check for sensor values and don't receive events.
Dubz Apps are not able to access the SSID or your WiFi network, or others nearby, unless they have explicit permission to do so. Please see:
Settings > Apps > Special app access > Wi-Fi control
Is there anything specific that allows apps by default?
Should we be checking this religiously? If so, can it be a forefront permission rather than hidden away?
Does this supersede or depend on any other permission?
How does it play into this? I assume if it can control the Wi-Fi it can turn it on and see SSIDs nearby (possibly even with Wi-Fi disabled).
That could be used to calculate someone's location easily, or narrow down the possibilities greatly.