All Android & iOS phones force you to first unlock your (physical) SIM to be able to use your phone. I never gave much attention to it, but now I realize this is a privacy problem. Sure, I can turn on Airplane mode later, and thus disable my SIM, but otherwise my location will have been tracked. I don’t understand why is there no “Skip: I don’t need cell connection right now”.
Why does this matter? When I am home, I don’t need cell connection, and thus shouldn’t be prompted to enable it.
Also, I understand that for most people, they want cell ON in case of emergencies, etc. This is why bypassing SIM PIN check on boot should be offered, but optional.
BTW, I am not interested in not having a SIM card at all, and I would appreciate that this topic doesn’t diverge in why you shouldn’t have a SIM.
No SIM PIN means an attacker could steal the SIM and use it in their own device to receive SMS-based 2FA codes. Obviously, the solution is to not use SMS-based 2FA, but that’s a change the banks need to make and is out of our hands.
That’s impossible for my bank, although any withdrawal would need my PIN. And for PayPal, if you call their customer service with your phone nimber, they might allow you un, regardless of what other 2FA methods you have set up.
Anyway, no one is addressing my original question.
I don’t understand the original question / concern. Airplane mode is persistent through a reboot (including with SIM lock enabled) on GrapheneOS (it could very well be the same on iOS and Android, but I can’t say with certainty).
Regardless of whether your SIM is unlocked or you have a SIM installed, a device not in airplane mode will talk to the cellular network, allowing it to be tracked through its IMEI.
Entering the SIM PIN only allows the SIM card to be used. If you do not wish to use the SIM card, you can physically remove it from your device, but that will not prevent tracking.
Cause I am forced to enable cell to access my phone, so I would probably forget it. Even if I didn’t, I still would have the tracking when I unlock my phone in BFU.
If you are at risk of forgetting to enable cellular, then what is your motivation for enabling it? Would you not just enable it when you need to use it?
The only way to avoid tracking BFU is to have the phone in Airplane mode when you restart.
There have been various issues regarding booting with Airplane mode enabled in the GrapheneOS issue tracker over the years, but they have all been closed for various reasons. I’m not sure what the developers’ stance on this would be if someone submitted a properly formulated feature request.
I don’t really know how to help you here. If you make a point of enabling Airplane mode for a couple of weeks, it will probably become a habit. My phone is almost always in Airplane mode nowadays. For me, it helps that my Wi-Fi turns off after 15 seconds, so I’m always in my quick settings to enable that anyways.
While I don’t identify exactly the issue, I agree that the situation is no ideal.
When installing GrapheneOS, I had a SIM inside and no tool to get it out of the phone and I was forced to put the PIN to continue the set-up. I woul have liked a “skip” option. For example because it’s better that the device does not connect to the internet before setting up remote attestation in Auditor.