GrapheneOS has the ability to automatically disable bluetooth and wi-fi also, after a set time for inactivity. This maybe what you're encountering. Go to settings/security & privacy/exploit protection and adjust it accordingly to see if the helps.
PhantomRunner
- Joined Nov 30, 2022
- Edited
The app mentioned by mizzen-auk is pretty good but I think the app with the requested feature and many more would be SpamBlocker (spam.blocker) found on F-droid that I like better.
- Edited
Offliner-A-GoGo Certainly the OP of this thread has had misunderstanding as charging is allowed as per the settings and so not a bug.
I think so. Forgive me Armbus25 if wrong as I can be a goof!
- Edited
Dumdum Thank you for your answer.
I been using GOS now for a little longer then this profile setup on the forum and have never considered going back to an OEM implementation of Android. Im' just brain storming and pondering about it and I think the grapheneOS devs are some of the best in this field.But I'm curious of you Dumdum, may I ask a few questions?
Have you actually connected a physical keyboard to your phone in the BFU state and if so did you have to grant permission. I know that when you connect a computer it ask for permission like a fingerprint device trust. How did you grant trust to this keyboard? Are keyboards given a pass? How did you do this in the BFU state?
Dumdum Yes hopefully I'm wrong but can you give another reason as to have a data connection in this state other than using a connected keyboard. What's wrong with using the on-screen one? I don't think you can enter high ASCII characters with the on-screen board but you can still get a good password by using it.
Having the phone allow a keyboard could be more of an issue. I know grapheneOS would resist brute-forcing but cracking the pass would be a lot easier with a device that simulates a keyboard entering passwords.
Thank you for that answer and so then I don't understand the need for that setting. The OS can't enforce any of these settings until boot and you would think that the BFU would be protected by disallowing any data line in this state if there is a setting for it; as having the possibility of data extraction is a weakness. Having no extraction is better than having even an encrypted one. Disabling the MTP host may offer some protection in BFU and AFU.
I can't think of a reason right now as to why one would need a data connection in BFU state especially if the bootloader is locked. All kinds of thoughts are going through my head now but can't type it all. I thinking now that this USB port control my be a Houdini. Hope I'm wrong! Maybe balderdash. Maybe maybelline?
- Edited
I think the devs are trying to have the data connection blocked while in BFU but then allowed while in AFU with that setting. If that's the case then the words 'charging only while locked' should not be used. If that is not the case then i don't understand the exception. I haven't tested this to see if this is happening.
Last post on this I promise.
The more I read the descriptions underneath the settings the more I don't understand the need for the exception.
- Edited
Maybe I should clarify; when I said "Charging only when in BFU would suffice" should applied to the setting: "Charging only when locked" as this is the more restrictive setting.
Oh shoot just forget it! The more I read the more I get confused. Just disable all USB and then use wireless charging.
I think where the confusion lies is in the understanding of After First Unlock (AFU) and Before First Unlock (BFU). In AFU you can be in either a locked state or unlocked state but not BFU.
- Edited
The setting "Charging only when locked, except before first unlocked" is grammatically correct but unnecessarily verbose. The word: 'except' means to the exclusion of; so BFU is the object and the excluded or unless condition that needs to be meet. So then except BFU then AFU. When in BFU your phone is obviously locked and has never been unlocked.
So saying "Charging only when in BFU" would suffice.
I
Now being able to "spoof" or set your own data is a different subject and would be nice to have something like a READ_PHONE_STATE scope.
If I'm not mistaken, I believe that the Phone permission is under this.
Here's a screenshot of an app that examines apps : https://ibb.co/zrHmXtX
I pulled up Google Play Services - because it wants every permission possible - and it has Phone permission denied.
Here's another story about Apple's new feature:
https://www.neowin.net/news/experts-reveal-why-iphones-are-suddenly-rebooting-themselves-leaving-police-stumped/So looks like seizures of IPhones would now be prioritized for examination. GrapheneOS's has a superior implementation in that it allows users to choose the trigger time assuming Apple's is static.
It's nice to know that the GrapheneOS developers had the fore-site to add this wonderful feature many years ago, I'm sure Apple has never heard of GrapheneOS ;) wink.
This article may be of interest of those who believe in battery charging limits.
https://www.macrumors.com/2024/09/24/iphone-80-percent-charging-test/
With the GrapheneOS DNS VPN change since 2024080200, I believe—causes all DNS queries to be routed through VPN connection isn't necessarily a desirable behavior.
For us that use the Private DNS settings in Android to route DNS queries to a trusted DNS provider for maybe logging and filtering it renders this useless. However DoH in the app like chromium based browsers can be used but some browsers like Firefox and other apps that can’t be set can now no longer be monitored.
For VPN apps that allow for app exclusion like Calyx VPN and RiseUp VPN – the excluded apps can no longer do DNS queries.
VPN apps that do whole system tunneling – that’s to say not allow inclusion or exclusion of certain apps of the user’s choosing, I’m still seeing DNS queries being passed to my preferred DNS provider per Private DNS settings in Android. I’ve tested this with ProtonVPN so it seems that the “leak” is still there.
I prefer the original DNS behavior until a better solution arrives and I’m seeing inconsistencies in VPN app behavior. There are apps that use the VPN routing as a somewhat of a kludge for analyzing traffic or firewall use so changing VPN behavior in this way may have unseen consequences. More thorough testing should be done in this area.
I would stress that maybe one should use the Private DNS setting in Android to perhaps prevent leaking DNS queries to your internet provider, that is of course if Android honors every query as per this setting.
The only browser I know of for Android based on Chrome that protects the Client Hints javascript API is Bromite. But Bromite doesn't seem to be vary active in updating. Firefox based browsers doesn't implement this API.
Truncating the User Agent is not sufficient for hiding the phone's OS version and model as all chrome based browsers responds to Client Hints. Vanadium doesn't protect against fingerprinting either.
SMS and MMS are different types of messaging mechanisms. SMS (Short Message Service) is delivered through the cell radio bearer channel and is just a text string while MMS (Multimedia Messaging Service) is data and can be text, images and sound. It needs APN settings and internet access.
MMS has the greatest potential for exploitation which can be mitigated by not having your Messaging App to auto-download messages and I think this is a good solution for those unexpected MMS messages like spam.
Soundblaster You don't need any app for this. Just go to Settings>>Accessibility>>Audio section>>Audio adjustment then use the balance slider.