• General

  • Tracking phone identifiers, even if reset?

nrt On stock android your imei is sent to google when you connect to the internet

But you need to do it to get the OEM unlocking for installing Graphene, correct?

  • nrt replied to this.

      Google will get your IMEI in order for you to install GOS, but the good news are that Google will not know who this IMEI belongs to (if you don't give them the info voluntarily). Other hardware identifiers are not transmitted, but cgro0550 makes a good point about canvas fingerprinting here which will probably interest you.

      Btw. it's advised that you do the OEM unlocking on a public WiFi somewhat far away from your home location so Google doesn't get ahold of your IP or other identifiers.

      Oh if you change the Google Fi account, you should also change the device and vice versa if you don't want Google to instantly connect the 2. It's a very uncomfortable threat model and you should make sure that hiding your identity from Google is really that important to you (compared to sharing no or limited private data with Google which is easy to achieve in GOS). This video might be interesting regarding being anonymous with GOS, it does a good job presenting the difficulties.

      nrt hi regarding the e SIM comment, can you explain more please

      • nrt replied to this.
          7 days later

          What about WiFi networks and such? Does sensors grant this access (i.e. disable sensors access to block it)? Kind of need to be able to connect to a network somehow, and wired isn't always feasible. Hotspot would be the best for mobile, second to public hotspots at public places (ex. coffee shops, stores, etc.).

            Dubz No, disabling the sensors permission does not block WiFi connections. Please refer to the Features page for info about what the sensors permission does:

            Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions (Camera, Microphone, Body Sensors, Activity Recognition) including an accelerometer, gyroscope, compass, barometer, thermometer and any other sensors present on a given device. When access is disabled, apps receive zeroed data when they check for sensor values and don't receive events.

            https://grapheneos.org/features#:~:text=Sensors%20permission%20toggle%3A%20disallow,and%20don%27t%20receive%20events.

            • Dubz replied to this.

                treequell So to clarify, apps can always see the SSID that I'm connected to and/or nearby SSIDs? Is there any way to stop this outside of wired only connections? Sounds like a major security hole when trying to anonymize oneself. You can easily track users based off that.

                    treequell Okay, so they would require either "Nearby devices" or "Location" permission to do so? Obviously the second would invalidate the anonymous part of the location, but as long as they don't have nearby devices permission, that should suffice? This is good to know. Thank you!

                        Dubz To access the SSID of your current WiFi network, the app would require the ACCESS_FINE_LOCATION permission. Some apps use only the ACCESS_COARSE_LOCATION permission instead.

                          a year later

                          Settings > Apps > Special app access > Wi-Fi control

                          Is there anything specific that allows apps by default?
                          Should we be checking this religiously? If so, can it be a forefront permission rather than hidden away?
                          Does this supersede or depend on any other permission?
                          How does it play into this? I assume if it can control the Wi-Fi it can turn it on and see SSIDs nearby (possibly even with Wi-Fi disabled).

                          That could be used to calculate someone's location easily, or narrow down the possibilities greatly.