What is your process for evaluating the privacy implications of installing any particular app? How do you evaluate pros/cons for where to install and what level of permissions to grant?
As an example, I subscribe to SiriusXM and like to stream their internet radio via their browser interface from time to time. Using a browser for this is inconvenient, and if I could specifically identify the tradeoffs I’d be accepting by installing the SiriusXM app I’d like to consider it. The problem is, I have no idea what I’d be giving up if I were to, for example, install it in my private space in my owner profile. I understand this uncertainty is an evergreen problem with closed-source software, but is there a way to develop a concrete pros/cons list for the various configurations?
I’m specifically interested in this example, but I’m more broadly interested in the process folks use to answer this sort of question. Any examples of how you all approach this sort of thing would be appreciated.
For additional context, here's the threat model I'm operating from:
I am not in a privacy-sensitive professional field (i.e., not a journalist or lawyer) and I am not a member of any particularly targeted group. I have objections to the invasions of privacy that come along generally with smartphone ownership and prefer to push back when possible/reasonably convenient. This has pushed me recently to shift from stock Pixel 6a to GrapheneOS, and I'm slowly upping my game by incrementally stepping away from invasive apps and services.
Thanks! I look forward to the discussion.