Seeking Privacy Advice

Gizmoh

First, let me preface this post by saying that I generally value security over privacy when I must choose between them. With that said, I would really like to improve my privacy posture without sacrificing too much security or usability. I know that this is a balancing act and everyone has their line in the sand. However, I am confident that the community here can still help me begin my journey in the right direction. So, let's begin...

Last night I carefully followed the installation instructions for GrapheneOS on my Pixel phone, being sure to perform all of the recommended actions and verifying that the key shared on the website matched the expected value. I then carefully went through all of the settings and tweaked them to my liking. If there was something I didn't immediately understand, I made it a point to either look it up or check the usability page on the official website. All of this gave me a really good foundation to build on.

It might also help to point out that I do not do any banking or use any social media on my phone. I might read stuff on reddit or watch things on YouTube, but I do it inside of a browser without signing in. That is just how I prefer to do it. As far as a threat model is concerned, I am not actively being targeted and I am not a whistleblower or anything like that. I do have a strong interest in security and I believe strongly in privacy, so my desire for those things stems more from personal ideaology and interest than actively defending against a specific threat. I just want to achieve a reasonable level of both security and privacy to feel good about my online communications. I tend to fall more into the category of paranoid, so it can sometimes take a lot for me to feel good about it.

At this point it was time to install apps. I waded through my options and ultimately decided that the most secure way (imho) to pull apps in was through the Google Play store. So, I went into the app store that came with my phone and installed the sandboxed Google Play Services / Google Play apps and gave them both network access. I created a throwaway Google account and signed into the play store with it. With the Google Play store working, I pulled in both Signal and Aegis.

The next thing I had to do was install the Microsoft Authenticator that I am required to use at work. So, I created a new private space and installed it in there. I am going to essentially use this private space as an area for apps and things I need to use for work and keep it locked when I am not actively using it. My thought process here is that it will further isolate the one or two apps I need for work from my personal data. While I do understand I could use a new user profile for this purpose, I generally feel like the private space is a good compromise and it gives me quick and easy access when required.

At this point I am at a crossroads. While I primarily put GrapheneOS on my phone for the improved security benefits over stock Android, I really do want to take advantage of the fact that I can greatly improve my privacy, but I also find myself wanting to take advantage of certain conviences and security options available to me that would ultimately mean adopting more Google apps than I already have. I will explain some next steps I am thinking about taking and my hope is that the community here can help point me in the right direction, provide a sanity check, or offer alternative solutions (that still align with my personal goals).

The first thing I think I will do is create a new user profile that I only use in my car. This profile would have Android Auto, Google Play Services, Google Play Google Maps, and YouTube music installed. I will create a new Google account for this profile and it will be linked to my friends Google family so I can use the premium version of YouTube music. I will give the appropriate permissions for the device to communicate with my car via bluetooth. This profile will remain at rest when I am not actively in my car. This is probably the biggest privacy sacrifice I am making for pure convience and usability. If I could find privacy respecting apps that would nicely integrate with my car, I would happily use them, but I have a feeling I am stuck with Google here.

The next big decision I need to make is what messaging app I want to use for text messages. In an ideal world I would talk to everyone I know using Signal. I have been getting people close to me to talk to me on there, but I know it is only a matter of time before they either give up and start texting me again or people outside of my immediate circle begin communicating with me through text. So, I would really like to have an app here that supports RCS. That way when friends/family message me, it will at least be more secure. I would just really like to avoid unencrypted messaging (SMS) as much as possible. Do I have any real options here besides Google? I have a strong feeling this will be another hit to privacy in the name of security.

The final hit to privacy I will be taking is getting and using Discord. I am a part of a lot of communities on there and a lot of my close friends use it, so for better or worse I am kind of stuck with this proprietary blob.

Once all of this is complete I will then be a little stingy with what apps I pull in. I feel like everything mentioned above will take care of the proprietary stuff I either need or would like to use. The remaining apps I can be a little more flexible with and try to find more privacy respecting options.

Also please keep in mind that I am just beginning my journey to tighten up my privacy. I still want to enjoy my device and online time... but I just want to kind of plug the data leaks where it makes sense to do so. I feel like moving my phone to GrapheneOS was a great first step, even if I load it up with some not so privacy respecting apps. At least they are sandboxed, I have better control over them, and I get to make the choice of what I want to allow or not. That is already worth the price of admission, but please let me know if there is anything I can do better or good alternatives I can use instead of the proposed Google apps.. My only real goal is that I want to keep using the Google Play store to download apps, because I simply feel safer doing that than using the alternatives.

I apologize that this reads more like a diary post than a coherent series of questions. I just really wanted to try and give a full picture so others could provide good suggestions that might actually suite me. I realize I can just go all out in terms of both privacy and security, but I would rather find a happy balance so it is something I will stick with long-term rather than get frustrated about missing out on too much.

Thank you for your time.

thmf

Gizmoh You're well prepared already. Just a few notes which may be of interest:

Regarding Discord. Since Private Space has already been taken in your scenario and a regular profile is a bit of a PITA for this purpose, you could install the app in a Work profile. This way you still benefit from better isolation from your regular apps in Owner profile while keeping convenience of having the app readily available, like it's running in the Owner.
Regarding separate profile for the car. Don't forget that some communication means won't be accessible in this scenario since you'll be in a separate profile. Suppose you're driving with some Maps app and are listening to music from your phone, all with Android Auto. What happens if you get a call via Signal? To answer it you'll need to switch to Owner profile, which is quite a task while driving, let alone not really a safe thing to do. Private Space may be better for this purpose.
Hope this will help to find balance.

Chipper

Gizmoh I cant comment on much of what you've said but i enjoyed reading your post as you seem considered in your approach and actually interested in understanding and pursuing the subject, the only thing that stood out to me was you say you will use a throw away account for google play store app downloads, which i interpret as a new account not linked to your old account/s.
Saying its a throwaway creates a false sense of privacy i think, as you will need to keep it in order to login and update the apps you choose to download, it may also depending on how you manage it, either become correllated with past accounts or become a new identity that is monitored and analysed and conveys useful information just as any new google account starts as new and then over time and activity starts to form a picture.
Now whether or not this is a problem for you i dunno, as you mentioned wanting to be as private as possible without compromising security, i felt i should bring it up.
I took the opposite approach then you i guess because i dont think compiling my own apk's or using accresent and or direct downloads from app developers really presents such a big risk (based on my threat model) i see much of the talk around that stuff as easily generating fud even though i often respect understand and appreciate the logic and reasoning behind it.
It was a big shift when i stopped using google 6-7 years ago but now i couldnt really tell you why or what im missing out on, i am able to do everything i want and its just normal. So yeah i cant suggest alternatives for your car etc cause im happy with sticking music on usb, and i prefer memorising routes (and have gotten significantly better over time) rather than use gps, occasionally ill use opsmand+ app for gps stuff but mostly i dont...

matchboxbananasynergy

Hey there, welcome to the forum, and congrats on starting out with GrapheneOS! :)

I read through everything in your post, and I'm getting the sense that you've already done your homework, so to speak. You understand what your options are, know where you're making "concessions" for added convenience, and where you're compartmentalizing etc.

Honestly, from me, no notes. GrapheneOS is a much better OS than stock to use privacy invasive apps in. People tend to feel that they're missing the point of GrapheneOS by using an app like Discord with it, but the funny thing about that is that if they use it on stock OS instead, they're not benefitting from stuff like the sensors permission, contact/storage scopes and all the security hardening that comes with GrapheneOS. If you're going to be using apps like Discord (and don't let people here make you feel bad about doing so, you seem to have a solid reason to use it, so do so), GrapheneOS is the most secure and private way to do so!

If you have any other questions, or any follow-ups here, feel free to reach out, there's plenty of folks here who like to help or offer their opinions. :)

Gizmoh

matchboxbananasynergy Thank you for taking the time to read my post. I appreciate your encouragement. So far everyone I have encountered in this community has been very helpful and welcoming.

Stayjuice Thank you for the suggestions.

thmf Would using a work profile still allow me to get notifications within the owner profile? My main concern is not missing any messages if I am pinged on there. I will need to do some searching online and learn a little more about this. I am still fairly new to the Android ecosystem, but I am definitely learning a lot as I go. Additionally, you make a valid point regarding getting a call or message while I am driving and I will take this into consideration as I continue to refine how I have things set up.

On another note, I did run into an issue when trying to get Google Messages to work with RCS. I found an ongoing forum post here about it and tried all of the suggestions, but it just says my device isn't supported. I was talking to someone in Discord (and the most recent forum posts in the thread I was reading) suggest that this feature was working fine up until recently. In the meantime, I have just uninstalled Google Messages and have encouraged everyone I know to message me on Signal or Discord (with a strong preference towards Signal). I'll just have to live with the odd-ball unecnrypted SMS messages from co-workers and select services. Luckily almost no one I know sends me text messages.

How do you all deal with the text message situation?

Stayjuice

I use Graphene os with separate profiles for google store sandboxed and at the network level I use Adguard on my network but pi hole is an alternative with a good block list but this can done on device I believe adguard has an app and there are similar apps but blocking trackers at a dns level has really cleaned up my internet and I rarely see spam adverts or ad trackers which is a big privacy concern especially if there are non graphene users on your network. Consider hosting your own email also on a privacy friendly server, it’s paid but then you are not using free services that snoop on by default

thmf

Gizmoh Would using a work profile still allow me to get notifications within the owner profile?

Yes. More to that, you can swipe up and switch between Owner, Work, and Private Space apps just as they are all in the Owner. That's exactly my point. It's way more usable for these scenarios than a separate profile. This way there's basically no need to switch between profiles and you still have the additional isolation you wanted.