Your phone tracks more than GPS. Even on GrapheneOS, location logging hides in sensors, network triangulation, and app permissions. This guide walks you through every layer, from disabling system location services and Play hooks to blocking network leaks and scrubbing metadata. If you want true location privacy on GrapheneOS, this is the full teardown.
Your phone leaks more than you think. Even a “private” one.
GPS. Wi-Fi. Cell towers. Bluetooth. Every ping leaves a trail.
GrapheneOS gives you control, but it’s not magic. Settings and permissions drift over time with use. You need to learn how to kill the tracking and confirm the settings.
Know What “Location” Really Means
Most people think turning off GPS means you’re invisible.
Wrong. There are three layers feeding your location profile:
- Hardware sensors (GPS, Wi-Fi, Bluetooth)
- Network triangulation (cell tower data, IP mapping)
- App permissions and telemetry
You’re fighting all three.
So stop thinking of “location off” as a toggle.
It’s a stack of refusals.
Step 1: Disable Location Services
Go to Settings -> Location.
Flip Use location to Off to kill everything.
That cuts the GPS and coarse network location for the OS and apps.
Now check the sub options in Location Services.
Turn off if they are already on:
- Wi-Fi scanning
- Bluetooth scanning
- Network Location
- Geocoder
These are background probes used for positioning, even when Wi-Fi and Bluetooth are “off.”
If you don’t kill them, your phone keeps pinging access points and BLE beacons quietly in the background.
Done right, your phone won’t send or process any location signal unless you explicitly allow it.
Step 2: Audit App Level Access
Even with system location off, apps can still ask for access and log your coordinates once it’s back on.
Audit your apps:
Settings -> Location -> App Location Permissions
For every app you will see the options for:
- Allow all the time
- Allow only while using the app
- Ask every time
- Don’t allow
Set Don’t Allow for everything unless it absolutely needs it (i.e. weather, navigation), set those to Ask every time or Allowed only while in use.
Delete the apps that nag for location and don’t need it.
Remember apps can still infer your location through IP or Bluetooth unless you isolate them
If you use something like Signal or Session, double check their App permissions. Some apps ask for permission to find nearby devices or assist in pairing. Decline unless you know it’s needed.
Step 3: Remove Google Play Location Hooks
GrapheneOS uses sandboxed Play services, which means they can’t reach system level location data unless you let them. This is absolutely one of graphene’s best features but you still need to ensure they are quarantined properly.
Go to:
Settings -> Apps -> Sandboxed Google Play
Under Geolocation you will see: Reroute location requests to the OS. Toggle off
To go deeper and confirm:
- Open Settings -> Apps -> See all apps
- Scroll down and drill into Google Play Services and Google Play Store
- Open Permissions, make sure both have location set under Not allowed
This stops them from accessing location APIs or storing history tied to your device ID.
No need to uninstall Play Services entirely since GrapheneOS isolates them but you should keep them starved of permissions.
Step 4: Block Network Level Leaks
Even with sensors disabled, your IP gives away a rough location.
That’s where your VPN or Tor route matters.
Go to Settings -> Network & Internet -> VPN
- Use Orbot, Mullvad, or ProtonVPN (no telemetry, no Google dependencies)
- Toggle on Always-on VPN
- Toggle off Block connections without VPN for now, until you test stability
- Later you can enable it for a full lockdown
If you use Wi-Fi, turn off auto connect. Go to Settings -> Network & Internet -> Internet -> Network preferences
- Toggle off Turn on Wi-Fi automatically
Remember open networks are tracking honeypots. Go to Settings -> Network & Internet -> Internet -> Saved networks
- Forget any saved networks that does not have a lock symbol next to them
- Toggle off Auto connect for any saved networks you have except your home access
Step 5: Strip Metadata from Media
Photos and videos leak EXIF data (GPS coordinates, timestamps, device model).
Disable that at the source.
Open Settings -> Apps -> Camera App
- Open Permissions, make sure location set under Not allowed
Already took some photos?
Check EXIF data and scrub them.
Use:
- Exif Eraser (Google Play Store)
- Scrambled Exif (F-Droid)
- mat2 (command-line, if you sync via desktop)
- Some Gallary apps have built in scrubbers
Never upload media without scrubbing.
Even a blurred selfie can expose your city block.
Step 6: Harden When You Travel
If you need navigation, isolate it.
Create a separate user profile just for maps:
- Install your navigation app there (OsmAnd+, Magic Earth, OpenStreetMap)
- Grant temporary location permission
- Delete data after use and wipe cache
When you’re done, switch back to your main profile.
Each profile in GrapheneOS runs as a separate sandbox.
No cross leakage of location logs or cached coordinates.
Optional: Go Air Gapped
Leave radios off:
- Enable Airplane mode
- Disable Wi-Fi and Bluetooth
- Use offline maps
- Log routes manually, not digitally
That’s as close as you’ll get to true location silence. If you want to go dark completely, then leave the phone at home, go the burner route or use a faraday bag.
You Won’t Get It Perfect
The system always wants to know where you are.
You can only deny it leverage.
GrapheneOS gives you the tools but you just have to use them with intent.
Disable. Verify. Repeat.
Every signal you cut makes you less predictable.
Stay quiet.
Not perfect. Just better.
-GHOST
Written by GHOST, creator of the Untraceable Digital Dissident project.
This is part of the Untraceable Digital Dissident series — tactical privacy for creators and rebels.
Explore more privacy tactics at untraceabledigitaldissident.com.