Just a heads up for those who are using GrapheneOS. If you log into 2 (google or other) accounts on an installed app even on different profile, the service provider will still be able to link between your 2 accounts using MediaDRM. (Google will still know that both of the 2 accounts have been logged in on the same device)
More info:


Was able to get a different result using the media DRM toggle in developer settings
Verified results using TrustDevice
https://apt.izzysoft.de/fdroid/index/apk/com.trustdevice.android
https://www.trustdecision.com/
The other identifiers remained.
No appops or permissions change or prevent the exposure of other information.
Actually… Geto, can apply appop settings/values per app launch. And you can change the android_id value.
thanks a lot
can you explain what this option does? What is Force Software Secure Crypto? and what is DRM key management and software-basedwhiteboxcrypto?
Also I’m having a bit trouble understanding how Geto work, would you be so kindly to link a tutorial below? thanks a lot
So, the media DRM toggle switches from the hardcoded hardware ID to a software DRM. Creating a new DRM key.
https://developer.android.com/reference/android/media/MediaDrm
Geto uses shizuku (an app that allows for adb/shell functionality) to change settings that are usually hiddden or inaccessible, or to give/deny apps permissions or features, or, as in the screenshot to change certain keys values. This allows you to change the environment and settings of the app on launch, and revert them on app close.
You can see all the current settings by using adb:
adb shell settings list [ global | secure | system ]Or in termux with shizuku:
settings list [ global | secure | system ]In the following screenshot I enter the shell using shizuku (rish) list global settings and find keys with adb. I change the value of adb_wifi_enabled (wirelese debugging) from 0 to 1 and set {1} as the default value. Then I list again to show the change.
This is what geto is doing. But it assigns it to the action of launching/closing an app. While doing it manually via terminal set those values system wide.
Sometimes, though, you may want a system wide change (like if you want to change the accent colors or theme from RAINBOW to VIBRANT).
(There are other configs and properties you can viewed and modify using other commands. (in shell try
For a list of services. Some have user modable options. Be careful. If you don’t know, don’t touch. Every setting can be searched . there are hundreds or thousands .)
thank you so much!
Would you recommend everyone to turn on this DRM setting? Is there any downside? This seems like a perfect option to prevent MediaDRM tracking and I’m suprised it’s not default turned on
I wouldn’t recommend anything.
This is only what I know.
There is much much much more I don’t know.
This might be useful to use temporarily when you add an app that you know will read these values on install.
You may be able to use an app like geto to have this option toggled so that it only uses the developer settings option when the app is launched and returns to hardware when it closes.
Keep in mind there are a host of other identifiers on your device that can also be used to track and identify the user and device.
I like privacy and security.
thanks a lot
EDIT: turning this option on can only generate a random mediaDRM for different apps, but the same app will still have the same mediaDRM across different profile
so you can login to 1 accounts on google and also login to bank app they wont link you through mediadrm
hopefully someone could give a solution to spoof mediadrm for the same app across different profile
Seems the only real solution is to buy cheap burners.
Curious if using the website version of an app can pick up the mediaDRM key via the browser.
I think no, best to use all app through browser if you can
deleted by creator