I found a neat open source app that can be used to check app fingerprinting on Android (across installs): TrustDevice
I tried it on GrapheneOS without any permission granted and the unique IDs persisted across installs.
It shows you what an app can see without needing any user-exposed permissions granted, like how much storage you have left on the device, RAM usage, battery %, and the list of all installed apps.
They acknowledge that GrapheneOS is unable to protect against apps fingerprinting profiles, so they recommend using separate profiles, including ephemeral profiles for activities that need to be kept separate.
The GrapheneOS documentation is a great resource! I actually read that part on non-hardware identifiers before posting. But it didn’t cover that apps can see: all installed apps, used RAM, used storage and battery percentage. I only learned that through experimenting with that app.
Does erasing private space have the same effect as erasing a profile? It looks a bit more integrated into main than separate profiles, so idk if apps will detect it if it’s erased and then enabled again.