os-issue-tracker icon indicating copy to clipboard operation
os-issue-tracker copied to clipboard
verified publisher icon GrapheneOS

Skip SIM unlock - inconsistent eSIM disabling

Open goshuberto opened this issue 1 year ago • 0 comments

Hello,

there are reasons to boot the phone 'offline' - muted radios like in flight mode. But unfortunately I'm always (^1) forced to unlock my SIM card(s) just to use my phone - with or without intentional cellular service availment. To my understanding, the possibility to skip SIM-unlocking doesn't affect security in any way, since vigilantes can simply remove the SIM card (see ^1 for similar possibility for eSIM).

If powered up in non-flight-mode, we have no way to prevent IMEI leak resp. registration (location) logging! I might have forgotten to turn flight mode on before last power down, or I might be unsure if I did or battery might have run out... In these cases, currently I cannot boot the phone at all for a while (until location permits).

Having the possibility to skip unlocking the SIM card(s) not only increases privacy wellness. I'm not entirely sure if locked SIM prevents IMEI reading completely, but from engineering perspective, that level of protection should be covered by the PIN. At least no regular cell tower registration would happen, hence no location profile feeding. So in my opinion, this is a terribly missing feature of GrapheneOS (vendors like Jolla do provide that feature in their OS).

^1) On one phone (powered down with flight mode ON) I'm presented the option "Disable eSIM" at PIN input dialog (scrolling explanation 'disable eSIM to use phone without mobile service' after naming the self chosen name of the mobile account) . This is after the (p)SIM was unlocked (despite flight mode ON). On another phone with the identical setup (same model, same eSIM provider, same SIM provider), I'm not offered to "Disable eSIM"! Powering down that phone with flight mode ON (to leave it in exactly the same state as the other phone, where "Dsiable eSIM" does show up) doesn't change anything!

What causes that difference? Both phones have (recently added native) "eSIM support" DISABLED! eSIM was provisioned before GrapheneOS installation (both phones).

Currently there's another privacy affecting limitation: In flight-mode, I cannot disable SIM slots. I need to disable flight-mode before I can switch off any SIM slot. This makes no sense to me, at least from the user point of view.

I'm aware that AOSP is the source for the current behavior, but I'm not using AOSP for a reason, but GrapheneOS. Would be fantastic if GrapheneOS could catch up with SIM handling to what others allow for years already. The possibility to unlock any SIM later at runtime (from the 0 profile) should be provided of course, but even a reboot-enforcing solution would enhance GrapheneOS in a first step.

goshuberto avatar Mar 23 '24 11:03 goshuberto