From ac426cc5b5c588c1e6fd1ba78c0301aac8fb9b0b Mon Sep 17 00:00:00 2001
From: Peter Easton <Peter@JollyRogers.ca>
Date: Fri, 14 Feb 2020 20:42:21 +0000
Subject: [PATCH] Add Q&A about non-resettable hardware identifiers

---
 static/faq.html | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/static/faq.html b/static/faq.html
index 98ff5c3e..f6e84e12 100644
--- a/static/faq.html
+++ b/static/faq.html
@@ -56,6 +56,14 @@
                         <li><a href="#when-devices">When will more devices be supported?</a></li>
                     </ul>
                 </li>
+                <li>
+                    <a href="#security-and-privacy">Security and privacy</a>
+                    <ul>
+                        <li><a href="#hardware-identifiers">What does GrapheneOS do about 
+                        non-resettable hardware identifiers like IMEI, SIM or phone serial
+                        number?</a></li>
+                    </ul>
+                </li>
             </ul>
 
             <h2 id="device-support">
@@ -180,6 +188,34 @@
             devices produced based on an SoC reference design with minor improvements for privacy
             and security. Broad device support is the opposite of what the project wants to
             achieve in the long term.</p>
+
+            <h2 id="security-and-privacy">
+                <a href="#security-and-privacy">Security and privacy</a>
+            </h2>
+
+            <h2 id="hardware-identifiers">
+                <a href="#hardware-identifiers">What does GrapheneOS do about non-resettable
+                hardware identifiers like IMEI, SIM or phone serial number?</a>
+            </h2>
+
+            <p>Starting with the Android 10 specification, apps can no longer extract the phone's 
+            IMEI or Serial Number, SIM Card Serial Number, Subscriber ID, MAC Address or other
+            non-resettable unique device identifiers, even if granted access to
+            <code>READ_PHONE_STATE</code>. Apps must have the
+            <code>READ_PRIVILEGED_PHONE_STATE</code> new to Android 10 in order to get access to
+            any of these non-resettable, persistent device identifiers. Apps using the Android 10
+            API will recieve a <code>SecurityException</code> error, and any older apps simply get
+            an empty value if the <code>READ_PHONE_STATE</code> permission has been granted to them,
+            or a <code>SecurityException</code> error if they don't. MAC Addresses are randomized 
+            per WiFi network on GrapheneOS. Apps, even if granted full network access, cannot read 
+            nor change the MAC Address.</p>
+
+            <p>GrapheneOS does <i>not</i> utilize Advertising IDs, even though the Advertising ID
+            normally seen on Android and iOS devices is resettable.</p>
+
+            <p><code>ANDROID_ID</code> is persistent between application installs but is resettable.
+            Pull requests are welcomed in this area.</p>
+
         </div>
         <footer>
             <a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>