security/hakurei.app
security/hakurei.app
5
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

Add Q&A about non-resettable hardware identifiers

Browse Source
This commit is contained in:
Peter Easton 2020-02-14 20:42:21 +00:00 committed by Daniel Micay
parent f0ef3a8c65
commit ac426cc5b5
1 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
static/faq.html
View File

@ -56,6 +56,14 @@
<li><a href="#when-devices">When will more devices be supported?</a></li> <li><a href="#when-devices">When will more devices be supported?</a></li>
</ul> </ul>
</li> </li>
<li>
<a href="#security-and-privacy">Security and privacy</a>
<ul>
<li><a href="#hardware-identifiers">What does GrapheneOS do about
non-resettable hardware identifiers like IMEI, SIM or phone serial
number?</a></li>
</ul>
</li>
</ul> </ul>
<h2 id="device-support"> <h2 id="device-support">
@ -180,6 +188,34 @@
devices produced based on an SoC reference design with minor improvements for privacy devices produced based on an SoC reference design with minor improvements for privacy
and security. Broad device support is the opposite of what the project wants to and security. Broad device support is the opposite of what the project wants to
achieve in the long term.</p> achieve in the long term.</p>
<h2 id="security-and-privacy">
<a href="#security-and-privacy">Security and privacy</a>
</h2>
<h2 id="hardware-identifiers">
<a href="#hardware-identifiers">What does GrapheneOS do about non-resettable
hardware identifiers like IMEI, SIM or phone serial number?</a>
</h2>
<p>Starting with the Android 10 specification, apps can no longer extract the phone's
IMEI or Serial Number, SIM Card Serial Number, Subscriber ID, MAC Address or other
non-resettable unique device identifiers, even if granted access to
<code>READ_PHONE_STATE</code>. Apps must have the
<code>READ_PRIVILEGED_PHONE_STATE</code> new to Android 10 in order to get access to
any of these non-resettable, persistent device identifiers. Apps using the Android 10
API will recieve a <code>SecurityException</code> error, and any older apps simply get
an empty value if the <code>READ_PHONE_STATE</code> permission has been granted to them,
or a <code>SecurityException</code> error if they don't. MAC Addresses are randomized
per WiFi network on GrapheneOS. Apps, even if granted full network access, cannot read
nor change the MAC Address.</p>
<p>GrapheneOS does <i>not</i> utilize Advertising IDs, even though the Advertising ID
normally seen on Android and iOS devices is resettable.</p>
<p><code>ANDROID_ID</code> is persistent between application installs but is resettable.
Pull requests are welcomed in this area.</p>
</div> </div>
<footer> <footer>
<a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a> <a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>