"Network time can be disabled with the toggle at Settings System Date & time Use network-provided time."
Connectivity checks are enabled by default but can be disabled.
"Connectivity checks designed to mimic a web browser user agent are performed by using HTTP and HTTPS to fetch standard URLs generating an HTTP 204 status code."
"You can change the connectivity check URLs via the Settings Network & internet Advanced Internet connectivity check setting. At the moment, it can be toggled between the GrapheneOS servers (default), the standard Google servers used by billions of other Android devices or disabled."
Why these are enabled by default, i.e., opt-out instead of opt-in, is strange considering this OS is aimed at technical, security and privacy-conscious users. Users who would surely know what services they want and be capable of enabling them.
Yeah I agree, these settings should be disabled by default and require explicit opt-in. That said, I am impressed by how privacy/security-conscious the OS seems to be otherwise!
You can't really get rid of connectivity check, because it is a part of public API. Applications use it to check whether a network has internet access. Android itself uses it to detect captive portals and prompt user to authenticate when network requires authentication/payment via a web page.
I'm not suggesting they get rid of connectivity check. They already provide the option to disable it. All I'm suggesting is that it's not enabled until the user indicates they want it to be. This could be asked during a "first time" setup flow like most smartphones have.
* Usability: An OS without network connectivity checks and time sync might not be usable by non-geeks
* Obscurity: The threat from these pings is low. The threat of having a phone that behaves differently than "billions of other Android devices", indicating that it's GrapheneOS or some other security-oriented OS, is arguably higher.
I'm a little confused: GrapheneOS is the exception; almost every OS successfully implements connectivity checks. Also, the answer to the problem seems obvious: check again. Check every second or every 30 seconds, etc. It's just a ping.
The time service is enabled by default but can be disabled.
"An HTTPS connection is made to https://time.grapheneos.org/ to update the time from the date header field."
"Network time can be disabled with the toggle at Settings System Date & time Use network-provided time."
Connectivity checks are enabled by default but can be disabled.
"Connectivity checks designed to mimic a web browser user agent are performed by using HTTP and HTTPS to fetch standard URLs generating an HTTP 204 status code."
"You can change the connectivity check URLs via the Settings Network & internet Advanced Internet connectivity check setting. At the moment, it can be toggled between the GrapheneOS servers (default), the standard Google servers used by billions of other Android devices or disabled."
Why these are enabled by default, i.e., opt-out instead of opt-in, is strange considering this OS is aimed at technical, security and privacy-conscious users. Users who would surely know what services they want and be capable of enabling them.