Ok guys:
Reroute to OS is ON
Improve location accuracy is OFF
The only weird thing I noticed is Google Play Services app had access to SMS (besides Network and Sensors)
Could that cause the leak?
Obviously I did not give those permissions. It was Graphene defaults
Just removed Sensors and SMS
is it Sandboxed GPS or from the GP store?
Installed from Graphene App Store, so sandboxed
I don't think GPlay can see your IP because that would defeat the purpose of them sandboxing it.
Mine can tell my location with or without Google Play when I allow it.
I'm looking at my settings RN.
Pretty sure the leak comes via the SMS permission
it might,
here is what they say about Sandboxed GPlay
Did you read anything specific to SMS in there?
nope but it explains how it works.
one thing to check if you are on VPN is that it should not be set to use secure DNS. it will cause DNS leaks.
that is worth checking.
there is another page on their website that warns about carrier services.
cellular is totally unsafe and insecure in terms of privacy so you are definitely on to something.
i don't think it is a bug but rather a result of the way cellular just works.
the IMEI of your phone is associated with you and they likely sell that info to Google if Google can't get it off your phone the usual way like on stock android.
I don't know what your security needs are. it may be better to have a generic dumb phone for sms stuff if you need to be fully shielded on your smart phone.
I use my second profile for my bank app. that's pretty much it.
