You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/posts/android/Android Tips.md
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -146,15 +146,17 @@ If your Android-based operating system does not expose this setting in the Setti
146
146
147
147
## Carrier Tracking
148
148
149
-
Carriers can track your coarse location through various means. In order to avoid this type of tracking, you need to do the following:
149
+
Carriers can track your coarse location through various means. At minimum, you need to use airplane mode to turn off the baseband modem, and turn off Wifi-calling which bypasses the system VPN. There may also be additional connections to the carrier's servers outside of the VPN tunnel, so you need to use Wireshark to verify this for your specific setup.
150
150
151
-
- Disable Wi‑Fi calling. Wi‑Fi calling connections bypass the system VPN and thus reveal the local network's public IP address to the carrier.
151
+
The behavior will differ across carriers and may also differ depending on the SoC, so I cannot give exact instructions for every setup. However, on a Google Pixel 7 Pro running GrapheneOS, you need to do the following:
152
152
153
-
- Disable the SIMs/eSIMs in **Settings** → **Network & internet** → **SIMs**. On GrapheneOS, if you are using an eSIM, you will need to enable the privileged eSIM management app before doing so. With certain carriers, there will be an ePDG server defined which the operating system will connect to outside of a VPN tunnel. While unlikely, a malicious carrier can track a user by giving them a unique ePDG server.
153
+
- Disable Wi‑Fi calling.
154
+
155
+
- Disable the SIMs/eSIMs in **Settings** → **Network & internet** → **SIMs**. On GrapheneOS, if you are using an eSIM, you will need to enable privileged eSIM management. With certain carriers, there will be an ePDG server defined which the operating system will connect to outside of a VPN tunnel. While unlikely, a malicious carrier can track a user by giving them a unique ePDG server.
154
156
155
157
- Turn on airplane mode. This will turn off the modem and disable all transmission to cell towers. Note that simply removing SIM cards is not enough --- your phone will still connect to cellular networks to permit emergency calling.
156
158
157
-
- Disable the eSIM management app after you have disabled all of the eSIMs. With certain carriers, the eSIM management app will connect to the provisioning server to check for eSIM update, even if the eSIMs are disabled.
159
+
- Disable privileged eSIM management after you have disabled all of the eSIMs. With certain carriers, the eSIM management app will connect to the provisioning server to check for eSIM update, even if the eSIMs are disabled.
158
160
159
161
On a related note, I have seen recommendations to use PGPP as a carrier to randomize the IMSI by regularly reprovisioning the eSIM. This is unlikely to be beneficial, as the IMEI baked into the modem would remain unchanged, allowing carriers to track you anyways.
0 commit comments