Add Q&A about non-resettable hardware identifiers

2020-02-14 20:42:21 +00:00 · 2020-02-14 20:42:21 +00:00 · ac426cc5b5
commit ac426cc5b5
parent f0ef3a8c65
1 changed files with 36 additions and 0 deletions
--- a/static/faq.html
+++ b/static/faq.html
@ -56,6 +56,14 @@
                        <li><a href="#when-devices">When will more devices be supported?</a></li>
                    </ul>
                </li>
+                <li>
+                    <a href="#security-and-privacy">Security and privacy</a>
+                    <ul>
+                        <li><a href="#hardware-identifiers">What does GrapheneOS do about 
+                        non-resettable hardware identifiers like IMEI, SIM or phone serial
+                        number?</a></li>
+                    </ul>
+                </li>
            </ul>

            <h2 id="device-support">
@ -180,6 +188,34 @@
            devices produced based on an SoC reference design with minor improvements for privacy
            and security. Broad device support is the opposite of what the project wants to
            achieve in the long term.</p>
+
+            <h2 id="security-and-privacy">
+                <a href="#security-and-privacy">Security and privacy</a>
+            </h2>
+
+            <h2 id="hardware-identifiers">
+                <a href="#hardware-identifiers">What does GrapheneOS do about non-resettable
+                hardware identifiers like IMEI, SIM or phone serial number?</a>
+            </h2>
+
+            <p>Starting with the Android 10 specification, apps can no longer extract the phone's 
+            IMEI or Serial Number, SIM Card Serial Number, Subscriber ID, MAC Address or other
+            non-resettable unique device identifiers, even if granted access to
+            <code>READ_PHONE_STATE</code>. Apps must have the
+            <code>READ_PRIVILEGED_PHONE_STATE</code> new to Android 10 in order to get access to
+            any of these non-resettable, persistent device identifiers. Apps using the Android 10
+            API will recieve a <code>SecurityException</code> error, and any older apps simply get
+            an empty value if the <code>READ_PHONE_STATE</code> permission has been granted to them,
+            or a <code>SecurityException</code> error if they don't. MAC Addresses are randomized 
+            per WiFi network on GrapheneOS. Apps, even if granted full network access, cannot read 
+            nor change the MAC Address.</p>
+
+            <p>GrapheneOS does <i>not</i> utilize Advertising IDs, even though the Advertising ID
+            normally seen on Android and iOS devices is resettable.</p>
+
+            <p><code>ANDROID_ID</code> is persistent between application installs but is resettable.
+            Pull requests are welcomed in this area.</p>
+
        </div>
        <footer>
            <a href="/"><img src="https://grapheneos.org/logo.png" width="512" height="512" alt=""/>GrapheneOS</a>