GrapheneOS: Undocumented Google Connections and Privacy Risks
▲ 13 r/opsec+2 crossposts

GrapheneOS: Undocumented Google Connections and Privacy Risks

GrapheneOS is marketed as a privacy-hardened, "de-Googled" operating system. However, technical analysis by the Kuketz IT-Security Blog revealed that the OS automatically connects to Google-operated gstatic.com servers by default to perform Android's standard captive portal checks.This behavior is not documented in the official GrapheneOS FAQ, creating a transparency issue for users. From a strict privacy perspective, these automatic connections leak critical metadata, including the user's IP address, timestamp, and location data directly to Google, enabling potential tracking and device fingerprinting despite the absence of Google Play Services.

u/MindlessCry3444 — 3 days ago