I would like someone to clarify the extent of an app to obtain sim and positioning info with or without location permission on a vpn connection:
on an otherwise empty secondary profile with phone permission off:
1. obtain sim info like phone number/country code (I assume yes, from another thread I read)
1b. sim info on the owner profile (I guess its a given)
1c. what about two active sims (PHY+Esim)
2. scan for connected/ nearby cellular tower id (indoor positioning)
without nearby device permission:
3. listen to bluetooth beacon
3b. scan for bluetooth device (are those the same?)
4. scan for AP
5. emit any bluetooth beacon
with microphone on (as I often forget to turn off after receiving calls)
6. scan for ultrasound beacon
7. emit any ultrasound beacon (with speaker off, what permission is this)
Anything else I missed?
There are useful but invasive apps and do not run on VM/WSA or must be portable. Previously I was running them on a dedicated ungoogled rooted phone with storage isolation (similar to storage scope), privicyLua (feeding user defined information like GPS, cellid, Android ID per app and dozens of others), HMA to hide the application list, prevent the app to app communication, application manager to revoke all unnecessary permissions, adguard with https filtering and VPN via hotspot. I have Revolut on another non-rooted lineageOS, but I'm connected to Ethernet only with server-side VPN. This configuration works but has major drawbacks. I moved my primary driver to GOS and would like to consolidate these apps, especially mobilizing Revolut to GOS as well if my concerns are met.