schweizer reread @de0u 's post. Does your threat model really require that level of isolation? I'm by no means doubting it, but the most of us overthink it a bit, myself included.

If it's not absolutely critical that Google (or someone they leak your installed apps to) isn't able to identify you based on installed apps, I wouldn't worry too much about it.

      GrouchyGrape What you do not consider is potential work implications of using such apps with a daily driver phone.

      Isolation is the key here, so even if their threat model does not call for it implicitly, they still should exercise the most cautionary approach possible.

      @schweizer, the YT content you talk about is aimed at daily driver, nothing work related. You should not take advice from a yt content if you use such apps. I am kind of surprised your work did not make it mandatory to use a company provided and managed phone with strict policies etc. but everyone is skimping on security, so I guess I should not be surprised after all..

        GrouchyGrape Does your threat model really require that level of isolation?

        For me a requirement is a "normal life". Reality is without whatsapp you are excluded from todays social life. I will not give up my life because some tech companies are making it virtually impossible not being spied on.

        I do stuff that is illegal in certain non-western countries and I am required to travel internationally. So I am concerned about privacy.

        I simply do not understand why the permissions are set in a way that virtually any app can send a list of my installed apps back to their headquarters. I do not understand why I cannot download most apps from the manufacturers website or github.

        I doubt that just removing my special apps will be sufficient to avoid fingerprinting. Nobody has answered my question yet how to test the uniqueness of the list of installed apps. I fear the combination of locale, banking apps and threema libre is quite unique.

        I am on friendly terms with my employer and don't have a 9 to 5 job. Some friends are customers and vice versa. Carrying two phones all the time would be very inconvenient and I fear it will not solve the problem because if two phones share the location all the time they can be correlated as well.

            schweizer Carrying two phones all the time would be very inconvenient and I fear it will not solve the problem because if two phones share the location all the time they can be correlated as well.

            I am not sure what you do for living and won't ask, hence maybe I don't see why you'd need to have all connectivity up 24/7 on the work phone, but the way I'd do it (and did when needed) is to block all connectivity on it and use a spare modem to give whatever network access is needed to operate the apps for work. Inconvenience? Maybe, at least at first. But if you really want to separate it, there's (imho) no "better" way.

              I need connectivity for messengers. Voice and text. I am not alone with that need. Besides not everybody has one single job. You can have different roles in different organisations. I never mentioned that I want to separate those roles.

                schweizer to answer your original question, unfortunately, it's virtually impossible to live a normal digital life and completely avoid fingerprinting against a motivated actor.

                However, that isn't to say that a few basic practices (private spaces, multiple profiles, etc ) don't help and make fingerprinting more "expensive".

                  schweizer yes, you did not say you'd want to separate your life and work but at the same time you want to avoid profiling and identification due to work apps that have a very small number of users you can't expect miracle solution.

                    schweizer I simply do not understand why the permissions are set in a way that virtually any app can send a list of my installed apps back to their headquarters.

                    I think the short answer is something like:

                    1. In general it is expected on Android that the overall user experience is based on multiple apps working together, so there are cases where one app might wish to offer to share some data with some other app if it is installed,
                    2. Android has multiple features that enable users to separate apps from each other (secondary user profiles, Private Space, guest user).

                    At present the user-profile system has limitations, quirks, and annoyances, but it does exist. It is not the case that Android forces all users to allow all apps to report on the presence of all other apps.

                      schweizer Nobody has answered my question yet how to test the uniqueness of the list of installed apps.

                      I think the only way to do that would be for users to voluntarily install an app that would report the identity of the device and the list of installed apps to a database which could then estimate uniqueness.

                      It's unclear to me that anybody worried about "app fingerprinting" would be willing to install and run such an app, so...

                      • fph replied to this.

                          de0u Actually for this purpose you don't need to upload the whole list, a cryptographic hash is sufficient.

                              fph Actually for this purpose you don't need to upload the whole list, a cryptographic hash is sufficient.

                              Good point!

                              Though I think there are issues...

                              1. Anybody who has only a small number of apps installed would be revealing exactly which apps. For example, if I have exactly the pre-installed apps installed plus one more, and I upload that hash, then the server can easily determine which single other app I have installed by computing the hashes of multiple hypothetical llists: baseline apps plus app A, baseline apps plus app B, etc. And it would probably be feasible to precompute hashes for pairs of fairly-common apps.
                              2. One would need to trust the app to be uploading only the hash of the list of installed apps rather than the list itself.

                                One could simply anonymously upload a csv list of the installed apps. There is no problem with such a list as long as it is not tied to a profile. And the list is probably not that unique on a worldwide level. But if you combine it with a locale or IP that looks different.

                                Aurora will have such data already.

                                schweizer if you do multiple profiles some identifiers (media identifier) will be consistent across profiles as well as other fingerprinting will be consistent across programs. It is VERY likely they could be linked.

                                If you do anything with crypto thats not allowed in your country, or engage in unsanctioned activity, you're making a mistake likely. If all your questionable activity is in a profile with FOSS apps without trackers and you use a different VPN, it's less risky but still risky. You'll still have the same imei and so if suspicious profile 2 somehow gets linked to you (they determine wireguard packets are linked to phone imei) then they can track other imei data. If they somehow can break 1st profile with other differentVPN (like monitor packets and order going to data center and see outgoing packets to weird-unique-app update (www.apponlyusedbyanthropologistswhilesearchingfordinosaurbones.com), they can guess it's you and then collect evidence other ways.

                                Graphene is hardened, but you could be making a mistake.

                                If you are part of a graffiti collective, and at worst you get probation, they aren't going to be try to correlate wireguard activity. If it's something more serious, just don't do this.

                                Just running WhatsApp will fingerprint the hardware of the device. Meta and Google have the most advanced fingerprinting along with Cloudflare, but cloudflare isn't in Apps. Meta likely has the most advanced fingerprinting of the group.

                                They can guess who is who with vpns and also they can buy VPN accounts and try to connect to VPN and send malicious packets to correlate. Wireguard does not offer that much protection. They won't go after you if you are torrenting a new blockbuster movie but they can definitely break wireguard with malicious packets and other software they have. They do not use it for low level offenders.

                                  This leads me to the conclusion that using Aurora with anonymous downloads is actually superior to using Playstore in terms of privacy.

                                  There is no possibiity to check how unique your combination of apps is but after visiting am i unique I assume almost every combination is unique. Especially if you live in a small country.

                                  We really need a way to anonymously download (paid) apps without disclosing an official ID.

                                    schweizer and it comes down to the uniqueness of Vanadium browser settings. So whenever you browse with Java on on it, take care folks :)

                                        SgtSurehand whenever you browse with Java on on it, take care

                                        Having JavaScript disabled makes you even more unique. 1.25% of the users have it disabled.

                                            schweizer disabling Javascript you are denying website a lot of (un)wanted functionality. True, most will not work as intended if you do that, but if you look only for information of interest it will often suffice.

                                            Take this forum for example, with Java off you can't log in but but all posts are still accessible.