Like a popup how? What kind of dialog is it? It's more likely to be an app that's bundled by your carrier than your carrier MitM'ing ads into your stuff, which is kinda what it sounded like.
Just a message popup, a window with dark background and some text ad on it.
I did not buy this phone from a carrier, just added the SIM card later.
Really surprised to learn this doesn't happen to others. Always assumed that the SIM card had some special privilege given by Android.
Sounds like your carrier is abusing STK to display ads.
See https://www.browserstack.com/guide/stop-popup-messages-in-an...
Caveat: if they're doing that, then they're almost certainly data mining your data streams (e.g. DNS lookups, etc.).
I wouldn't feel secure on such a carrier unless I also VPN'd traffic to a reputable provider (Nord, Express, or Proton) and forced DNS over TLS to known servers.
SIM cards can come with apps preloaded. There was a carrier in Mexico that would load a SIM app for Domino's Pizza and you could order a pizza from your phone if you were on that carrier. I learned this because of some carrier certification feedback I had to disposition at one job.
Go to [Settings] » [Apps] » [Special app access] » [Display over other apps] and check if any preinstalled carrier apps or anything suspicious has this permission granted.
Just checked, and only "Phone" and "Google" have this permission.
There are no preinstalled apps; I bought this phone clean in Germany and then added a Brazilian SIM card when I got back.
Could it be that the SIM card has some control over the Phone app?
Apparently this is handled by the privileged STK[1] service. It can launch a browser, which is, I think, what's happening.
GrapheneOS presently doesn’t do anything different in this case; they pull it from AOSP without modifications. However, you can disable it using the frontend app (SIM Toolkit), as someone pointed out, but as far as I can tell this requires the applet on the SIM card to cooperate (offer the opt-out).
Otherwise you can disable the STK altogether with ADB, but that will also lock you out of other SIM card interactive functions, which might not be a big deal, however.
Edit: "We plan to add the ability to restrict the capabilities of SIM Toolkit as an attack surface reduction measure. (2022)"[2] and open issue[3].
[1] https://wladimir-tm4pda.github.io/porting/stk.html
[2] https://discuss.grapheneos.org/d/1492-blocking-sim-toolkit-m...
[3] https://github.com/GrapheneOS/os-issue-tracker/issues/875
Can't you just change your carrier?
I would rather have a phone that doesn't let my carrier show random messages whenever they feel like it.