Comment by tarruda

12 hours ago

Just checked, and only "Phone" and "Google" have this permission.

There are no preinstalled apps, I bought this phone clean on Germany and then added a Brazil's SIM card when I got back.

Could it be that the SIM card has some control over the Phone app?

2 comments

tarruda

Reply
deno  9 hours ago

Apparently this is handled by the privileged STK[1] service. It can launch browser which is I think what's happening.

GrapheneOS presently doesn’t do anything different in this case, they pull it from AOSP without modifications. However you can disable it using the frontend app (SIM Toolkit) as someone pointed out, but as far as I can tell this requires the applet on SIM card to cooperate (offer the opt out).

Otherwise you can disable the STK altogether with ADB but that will also block you out of other SIM card interactive functions, which might not be a big deal however.

Edit: "We plan to add the ability to restrict the capabilities of SIM Toolkit as an attack surface reduction measure. (2022)"[2] and open issue[3].

[1] https://wladimir-tm4pda.github.io/porting/stk.html

[2] https://discuss.grapheneos.org/d/1492-blocking-sim-toolkit-m...

[3] https://github.com/GrapheneOS/os-issue-tracker/issues/875