mirror of https://github.com/PrivSec-dev/privsec.dev synced 2025-02-20 18:31:35 -05:00
Tommy 2023-11-02 06:20:50 -07:00 committed by GitHub
parent d708140d38
commit 9acf4e651e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -144,17 +144,19 @@ GrapheneOS has the LTE only mode exposed in settings. You can set this by going
If your Android-based operating system does not expose this setting in the Settings app, or if you want to set your baseband modem to a less restrictive mode, dial `*#*#4636#*#*` then hit **Phone information**. Here, you can set preferred network type to just the generations that you intend to use. For example, if you only want to use 5G and 4G, you can set it to `NR/LTE`.
Depending on the carrier, you may need to enable additional network types for Wifi calling to work. For example, Google Fi requires WCDMA for this feature. Thus, if you want 5G, 4G, and Wifi calling for Google Fi, you need to set the network type as `NR/LTE/WCDMA`.
## Carrier Tracking
Carriers can track your coarse location via cell towers using the IMSI and IMEI broadcasted by your baseband modem. In order to avoid this type of tracking, you have to enable the airplane mode which would disable the baseband modem. In addition, you will also need to disable Wifi calling to avoid IP based tracking by the carrier, as its connection will not go through your VPN tunnel.
Carriers can track your coarse location through various means. In order to avoid this type of tracking, you need to do the followings:
I have seen several common suggestions in the privacy community to mitigate this problem which do not actually work:
- Disable Wifi-Calling. Wifi-calling connections do not go through the VPN tunnel, and thus will reveal your Wifi IP address to the carrier.
- **Removing the SIM Card**: The baseband modem will continue to contact the cell towers with its IMEI to prepare for emergency calls. In fact, this is how you are able to call `911` even when you do not have a SIM card inserted.
- Disable the SIMs/eSIMs in **Settings****Network & internet****SIMs**. On GrapheneOS, if you are using an eSIM, you will need to enable the privileged eSIM management app before doing so. With certain carriers, there will be an ePDG server defined which the operating system will connect to outside of a VPN tunnel. While unlikely, a malicious carrier can track a user by giving them a unique ePDG server.
- **Using PGPP as a carrier**: The service randomizes your IMSI by regularly reprovisioning your eSIM. However, the IMEI broadcasted by the baseband modem would remain unchanged, allowing the carriers to track you anyways.
- Turn on Airplane mode. This will turn off the baseband modem and your phone will no longer broadcast the IMEI/IMSI to the nearby towers. Note that your phone can still talk to the tower regardless of whether a SIM card inside - this is why `911` calls work. Simply removing the SIM cards is not enough.
- Disable the eSIM management app after you have disabled all of the eSIMs. With certain carriers, the eSIM management app will connect to the provisioning server to check for eSIM updates.
Note: I have seen recommendations to use PGPP as a carrier to randomize the IMSI by regularly reprovisioning the eSIM. This is unlikely to be beneficial, as the IMEI broadcasted by the baseband modem would remain unchanged, allowing the carriers to track you anyways.
## Where to Get Your Applications
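Review bot: The new "Carrier Tracking" list is written as unordered bullets, but its steps depend on order. On GrapheneOS the privileged eSIM management app has to be enabled before the eSIMs can be disabled, and the last bullet says to disable that app "after you have disabled all of the eSIMs". A numbered list would make the sequence explicit. The ePDG sentences in the "Disable the SIMs/eSIMs" bullet explain the risk but never say that disabling the SIM is what stops the connection to the ePDG server; one sentence tying the step to the risk would help. The menu path "**Settings****Network & internet****SIMs**" has no separators between the items. Two wording fixes: "do the followings" should be "do the following", and "regardless of whether a SIM card inside" is missing "is".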
@ -252,7 +254,8 @@ Google Fi provides [opportunistic end‑to‑end encryption](https://fi.
This is not without its caveats:
- Google Fi requires Play Services and the [Fi app](https://play.google.com/store/apps/details?id=com.google.android.apps.tycho&hl=en_US) to work properly. Without Play Services, all of the features mentioned above, along with visual voicemail will not work. SMS messages will have random strings added at the end of each of them.
- On GrapheneOS, Fi VPN and end to end encrypted calls with Fi will not work. Fi VPN requires privileged integration with the operating system which GrapheneOS developers are not willing to bundle, so it will likely never work in the foreseeable future. I am not entirely sure why end to end encrypted calls with FI are not working at the moment.
- On GrapheneOS, Fi VPN will not work. Fi VPN requires privileged integration with the operating system which GrapheneOS developers are not willing to bundle, so it will likely never work in the foreseeable future.
- Google Fi Wifi-calling does not work behind a VPN.
If you are living in the United States and use the stock operating system, I highly recommend using Google Fi as the carrier to take advantage of the end to end encrypted calls and Fi VPN. Pixel 4 and bove users will benefit the most from the VCN as mentioned.
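Review bot: The added bullet "Google Fi Wifi-calling does not work behind a VPN" reads as inconsistent with the bullet added earlier in this same commit, "Wifi-calling connections do not go through the VPN tunnel". If the connection bypasses the tunnel, the text should say what fails when a VPN is active (for example, whether registration fails or calls drop) so the two statements can be reconciled. The rewritten GrapheneOS bullet also drops the sentence about end-to-end encrypted calls not working without saying whether they work now. Since the previous bullet still says that without Play Services "all of the features mentioned above" will not work, the current status on GrapheneOS should be stated explicitly. While this paragraph is being touched, the closing context line has a typo: "Pixel 4 and bove users".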