Since switching to GrapheneOS I have gone back to using wired headphones with USB-C plug. This is however a pain in the ass, as the plug is so loose that it disconnects anytime you even touch it slightly. And because it’s GrapheneOS you have to unlock the phone everytime to reconnect it. I’ve tried other models that all have the same issue plus annoying static background noise.
This makes me wonder if it’s really worth it and if I should just go back to using Bluetooth headphones. So I wonder: what are the privacy downsides to having Bluetooth enabled?
I’m not concerned about authorities being able to track down my physical location: that’s not in my threat model, besides they could already do that since I use cellular network.
All I worry about here is tech companies being able to track my behaviour somehow, but I’m not sure if that is even relevant in this case. The few proprietary apps I have on this phone I wouldn’t give access to Bluetooth anyway.
Bluetooth has its vulnerabilities like anything else, of course you’d need to be in range of the attacker for it to work. Bluetooth tracking beacons are common nowadays, but some Bluetooth devices randomize the MAC address to prevent that type of tracking. Unfortunately it’s not easy to figure out which devices support it. You also need to worry about firmware updates to patch vulnerabilities, which a lot of times requires a third party app unless you’re using first party headphones like AirPods on iOS or pixel buds on a Google pixel. I like Bluetooth headphones but I tend to just go for AirPods since I’m on iOS which support MAC address randomization and automatically update from iOS.
So basically the issue is with the security of Bluetooth devices and how well-supported they are by the OEM, not having it turned on on your phone IMO.
When a phone scans for nearby devices, it simply listens for the advertising packets that those devices are currently transmitting. Those packets contain the device’s present Bluetooth identifier (a MAC address, which many phones now randomize), its name, and possibly a few service descriptors, but they reveal nothing about past pairings.
Because only the current Bluetooth identifier and name are visible, an external scanner can recognize a device that is actively advertising at that moment, but it cannot reconstruct a list of all devices you have previously paired with. Consequently, the set of devices you have ever connected to is not exposed to anyone outside your phone.
So, while a nearby scanner could potentially identify that the same device is present again (if the device uses a static MAC address), modern phones typically randomize their MAC address during scans, which makes persistent tracking much harder. In practice, you generally don’t need to worry about big‑tech services having access to a historic list of your Bluetooth connections. Maybe somebody with more knowledge about Bluetooth could chime in and correct me if my understanding is incorrect.
Bluetooth vulnerabilities are discovered multiple times a year. With older standards, which are no longer supported, there is no fix.
I use it sparingly at home and set GrapheneOS to disable BT and wifi after disconnecting for more than 60 seconds. If I walk out of the house without manually toggling it off I’m still protected.
Not sure what you mean, the connection should be encrypted.
You have to actively pair devices so I don’t really get the point of this. On iOS and Android you have to grant apps access to Bluetooth so it shouldn’t be an issue. The ones I saw when I googled for them just give you an alert when a Bluetooth device is discoverable or the name changes etc doesn’t seem like a proper firewall.
There was one very recently called WhisperPair which allows you to track the physical location of the earbuds depending on model. From what I can see, GOS hasn’t implemented a fix for the issue yet which would be CVE-2025-36911.
Aside from the phone, wouldn’t Bluetooth connected devices such as headphones pose a risk? I doubt many of them randomize hardware identifiers but I could be wrong.
I only use a Bluetooth speaker at home, which doesn’t leave the premises. Sourcing a new portable speaker without Bluetooth is difficult. There are USB powered speakers for laptops which might suffice. But those are bulky and not intended for outdoor use.
I don’t like wireless technology because it creates more possible attack vulnerabilities. With a wired device transferring data I can be sure only the two devices are transferring data.
Is the USB port loose? OR does the cable easily come off? I use a pair of IEM or Koss headphones with Fiio KA11 dongle. I used to get the cheap white generic ones, but they would break a few weeks later.
They actually managed to steal a Whatsapp and amazon account using the Headphones. Which just shows again that SMS and call 2FA are a bad idea.
What I find really interesting from it, is the part about disclosure and fixes. Turns out a lot of Headphone companies seem to lazy to ship security updates at all.
Personally I use Bluetooth headphones, never thought about that the headphones MAC could also be tracked. I so will start to turn them off more often.
There’s definitely increased attack surface with Bluetooth, but that’s the case with most things. Using hardware that supports the privacy/security features of Bluetooth (most of them are entirely optional) and keeping them up to date will keep you mostly safe. Bluetooth is just way too useful for me to turn off atm but if your threat model expects local sophisticated attackers it’s a good idea to keep it disabled.
The ones I’ve tried recently are headphones that come with a USB-C plug, like these ones, not a separate dongle. I remember trying one of those dongles years ago which barely worked at all but it might have been a cheap model.
Yeah, I bought maybe 5 or 6 cheap dongles that broke within a few weeks before I bought Fiio KA11. It has lasted me almost a year so far as it’s sturdier, has big output power and only cost £30. Paired with cheap IEMs with replaceable cables, I find myself barely using BT headphones.
