diff --git a/static/faq.html b/static/faq.html index 98ff5c3e..f6e84e12 100644 --- a/static/faq.html +++ b/static/faq.html @@ -56,6 +56,14 @@
  • When will more devices be supported?
  • +
  • + Security and privacy + +
  • @@ -180,6 +188,34 @@ devices produced based on an SoC reference design with minor improvements for privacy and security. Broad device support is the opposite of what the project wants to achieve in the long term.

    + +

    + Security and privacy +

    + +

    + What does GrapheneOS do about non-resettable + hardware identifiers like IMEI, SIM or phone serial number? +

    + +

    Starting with the Android 10 specification, apps can no longer extract the phone's + IMEI or Serial Number, SIM Card Serial Number, Subscriber ID, MAC Address or other + non-resettable unique device identifiers, even if granted access to + READ_PHONE_STATE. Apps must have the + READ_PRIVILEGED_PHONE_STATE new to Android 10 in order to get access to + any of these non-resettable, persistent device identifiers. Apps using the Android 10 + API will recieve a SecurityException error, and any older apps simply get + an empty value if the READ_PHONE_STATE permission has been granted to them, + or a SecurityException error if they don't. MAC Addresses are randomized + per WiFi network on GrapheneOS. Apps, even if granted full network access, cannot read + nor change the MAC Address.

    + +

    GrapheneOS does not utilize Advertising IDs, even though the Advertising ID + normally seen on Android and iOS devices is resettable.

    + +

    ANDROID_ID is persistent between application installs but is resettable. + Pull requests are welcomed in this area.

    +
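Review bot: In the first hunk (the list at the top of static/faq.html), the added entry carries only the section title "Security and privacy", while the neighbouring context entry is a question ("When will more devices be supported?"). If that list is meant to index individual questions, add an entry for the new hardware-identifiers question too, so it can be reached from the top of the page.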
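Review bot: In the second hunk, the first answer paragraph is ambiguous where it ends "or a SecurityException error if they don't": it never says what "they" lack. Presumably it means older apps that have not been granted READ_PHONE_STATE, so state that explicitly. In the same paragraph, "recieve" should be "receive", and "READ_PRIVILEGED_PHONE_STATE new to Android 10" is missing the word "permission". The question asks what GrapheneOS does, yet most of this paragraph describes stock Android 10 behaviour. Separating the baseline from the GrapheneOS-specific statements (per-network MAC randomization, no Advertising ID) would make the answer easier to verify. The closing "Pull requests are welcomed in this area" does not say what change to ANDROID_ID handling is wanted, so a sentence naming the desired behaviour would help contributors.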