Golden standard for apps - interested in opinions

Trx-viewer

Tell me what, to you, are the gold standards in terms of app replacements and just privacy focused apps in general. I am going to leave my list here but of course everything is subjective. I'd like to provide reasoning for my choices and I hope to see the same. I made this list just because I saw that there are some shaky recommendations going around and I'm not really a fan of some suggestions.

Gallery: ReFra is an obvious choice, a lot of support, great integration, and probable official GrapheneOS app from what I've heard.
2FAS Auth, Ente or Aegis are probably the best authenticators for most people. It's good that Ente supports plain text export for secret keys for printing. 2FAS does not but it looks like a deliberate choice.
addy.io for Aliasing. I haven't tried SimpleLogin, but I've read up on Trustpilot reviews and it seems to me like I did a solid in choosing Addy over Proton. They should both work fine though. May come down to customer support quality.
Bitwarden is, to me, the best choice for a password manager.
Brave Browser and Tor have been my browser choices. Tor is Tor but Brave, considering how well it blocks ads, trackers and pop-ups, it is very nice that it doesn't break sites, and strikes a good balance for me. I've tried Mullvad but not a fan. Chromium browsers are best for most people regardless.
CalcYou is a good calculator app with a minimalistic design but it's not a big deal to differentiate these. Any offline calculator will do.
Contacts, Calendar, Phone and Messages from Fossify are nice, but I'm not the biggest fan and I just keep using the stock apps with Proton Calendar on the side which I enjoy more.
CoMaps for navigation has to be the best open source navigation app out there. I have tried them all (Magic Earth, OsmAnd, etc.) and it is literally night and day. It's even better than Organic Maps which it forks off from.
I still use Google Maps from time to time. Where I live it's just too convenient for finding specific places, restaurants, menus, etc. but for navigation CoMaps is the only thing I need.
EasyNotes from Accrescent to me is a very solid and simple choice for local note-taking. I don't need syncronization for those so people may know better options.
Ente Photos: probably the best app for cloud photos as there aren't many choices but Immich is great if you're self hosting. If you use Ente Photos you should not login into your Ente account on Ente Authenticator.
Heliboard is probably the nicest keyboard app I've found and I've tried a bunch. Not much to elaborate on but I like the fact you can import swipe typing into it and the level of customization it has.
Gadgetbridge is probably the only app for connecting devices in the most privacy-friendly way, to my knowledge.
Grayjay and NewPipe / PipePipe: I like Grayjay because it can cast to my Chromecast, which I haven't thrown away for some reason, but still find it useful. PipePipe is great because it's super light but I do agree on the concerns the NewPipe folks have with SponsorBlock. Sometimes I do appreciate it but sometimes it's just annoying what the community deems "unnecessary" in a YouTube's video.
Music (I will encompass everything here): there are many apps out there but so far this is my list:
- Metrolist for YT Music stuff
- SpotiFLAC for downloads
- Symphony for offline music
I downloaded all my Spotify playlists and am about to pull the plug on that.
PDF handling: I have struggled to find a good PDF app where I can apply a signature, and I don't really like XODO to be honest. I've settled on Foxit for signing and viewing PDFs with Network restricted. Also, OSS Document scanner is good for scanning documents.
Proton. Now, your level of using Proton may vary, but for my uses, I've found the Drive Plus subscription the best thing for me because...
I use Proton Mail (free) but don't really need anything extra apart from the storage, which is good because Drive Plus gives you shared storage between Proton services.
I use its Drive as I am not self-hosting. I also use the rudimentary Photos section in Drive to store a secondary backup of my photos from Ente.
I also use Proton VPN free (as a guest) as that's all I need and only care about masking my traffic from my ISP. It breaks PipePipe sometimes but it's not a big deal to me as I am very sealed out from any predatory service like Google. But I agree that a service like Mullvad VPN is just as good as paid Proton VPN.
Signal or Molly also good choices for your privacy but that's less of a choice and more how much you can convince people to migrate from Whatsapp and Telegram, etc.
I almost didn't include this section.
TranslateYou is a great app for translation with minimalistic design.
Tuta Mail: I also have a Tuta Mail free account as a backup email. But I am still deciding what to do with it.
Weather: Breezy Weather is a great choice for me. Not only for its minimalistic design but because it can also sync with my Pine Time smartwatch through Gadgetbridge.

Honorable mentions: Pixel camera used offline, Google Photos as an offline editor app. LibreOffice apps for viewing documents.

Side note, if anyone is concerned about the fact I use Proton Drive:
It's fairly easy to set up a standard fall back system like...

Portable SSD with Proton Drive contents and authenticator secret key backup file and recovery codes for various services;
Spinning HDD or second SSD with Proton Drive contents and authenticator secret key backup file and recovery codes for various services;
USB Flash Drive with authenticator secret key backup file and recovery codes for various services;
Printed sheets with Bitwarden's master password and its 2FA reset code in various physical spots.

Quantum

Trx-viewer I'd add Libretube instead of Newpipe. And Auxio for offline musicplayer

Clippy

Trx-viewer molly is definitely an upgrade over signal, although I can't get past the phone number requirement for signup, SimpleX Chat is better than signal/molly in basically every category and is pretty user friendly and feature rich.

BurningMoreThanWords

Trx-viewer EasyNotes from Accrescent

Just so you know it will no longer be updated on Accrescent. The dev apparently lost their signing keys for Accrescent so it is now outdated.

otterfoghornrainfall

Trx-viewer Bitwarden is, to me, the best choice for a password manager.

Prefer Keepass in combination with my file sync service. More flexible, less reliance on the vendor.

Trx-viewer

Quantum interesting. LibreTube's design looks very pretty. I'd like to know what it offers apart from UI. NewPipe to me is so good because of its light weight and Grayjay is good for casting. To me it looks like a jack of all trades master of none kind of app.

Quantum

Trx-viewer Not really sure how light weight is meant. As in size or features?

Libretube does what Newpipe does, and more. You can turn on sponsorblock, dearrow, return youtube dislike. You can use piped for certain stuff, but primarily its locally stored. The dev is working on a optional syncing solution also. Its written in kotlin instead of java.

Just an overall better UX and UI. I've used both and see no reason to stick with newpipe. Newpipe is clunky

Trx-viewer

Quantum I meant primarily RAM regarding LibreTube but if that's not a big deal then for sure it's a worthy upgrade to Pipe apps.

de0u

Clippy SimpleX Chat is better than signal/molly in basically every category and is pretty user friendly and feature rich.

To what extent has SimpleX been signed off on by security experts and cryptographers?

I am aware of these reviews:

To my eyes those don't look like the strongest possible endorsements.

Clippy

de0u the top link failed and the bottom one said failed to load code block. There were no critical or high severity findings with the audit, a few medium ones that were resolved with the 6.1 update and a few informational ones. Trail of bits was supposed to do a follow up and do a larger audit in 2025 but for whatever reason, it's delayed. And none of this changes the fact that signals requirement for a phone number to sign up is a huge metadata issue, not to mention it's centralized in the most invasive country on earth, and their message padding implementations aren't as good as SimpleX Chat. Signal/Molly are great for mainstream use, but it's various downsides leave something to be desired by those with serious risk profiles. Also, a delay in a third party security firm publishing a massive code base report doesn't invalidate the solid architecture of the protocol itself.

DohnJoe

Clippy

I might be wrong, but I think @de0u intentions were not to discredit SimpleX.

I guess that before putting trust in a service sold as the most secure in the world and give them your secrets, it's only fair to search for confirmations.

Nontheless I suggest to read the reports if you didn't already, they are interesting and goes some juicy details.
They might have been fixed already as you said, but I could learn something nontheless :)

de0u

Clippy the top link failed and the bottom one said failed to load code block.

The newer link should end with ".pdf", I'm not sure how I botched that.

If GitHub is unwilling to display a PDF, it will typically have a download button, slightly concealed.

de0u

Clippy There were no critical or high severity findings with the audit, a few medium ones that were resolved with the 6.1 update and a few informational ones. [...]

To my eyes those issues, though they were politely expressed by the contractor hired by the project, raise concerns about the project's design processes.

Clippy Also, a delay in a third party security firm publishing a massive code base report doesn't invalidate the solid architecture of the protocol itself.

What I think I see there is a mild rescheduling, nothing that concerns me personally.

But reports commissioned by the SimpleX project are not the same as endorsement by people not associated with the project -- which I believe is common for Session.

Carrousel7956

SimpleX is recommended by PrivacyGuides https://www.privacyguides.org/en/real-time-communication/#simplex-chat

There is a large thread mostly egged on by this user named Maqp who has it out for SimpleX. That's not really an exaggeration, although I think Maqp's main criticisms are that

SimpleX has misleading marketing because they don't use Tor and claim to have no identifiers without doing anything for the IP address identifier.
SimpleX doesn't do anything for network privacy and should include Tor by default. Basically the same as above.

https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-right/19256
https://discuss.privacyguides.net/t/why-is-simplex-considered-the-best-messenger-app/26151

Clippy

de0u it happens, I did actually read the trail of bits review/audit when it first came out, and I followed SimpleX closely to see if they'd fix everything, and they ended up doing just that with the 6.1 update, I became more optimistic towards them after that. I don't want it to sound like I dislike signal or molly, I actually use molly, the phone number thing was just hard to overlook, but it's a more mainstream app than SimpleX Chat is and I appreciate it's reach and that it brings more normal people in to this space. It's just those two issues that I think hold it back, I wouldn't even use SimpleX Chat if signal moved past the phone number requirement to be honest. But in terms of correlation combined with their message padding implementations and country of origin/centralized nature, it's hard for me to overlook personally. I think it's a great platform, just with a few downsides that I find it hard to ignore.

de0u

Clippy I don't want it to sound like I dislike signal or molly, I actually use molly, the phone number thing was just hard to overlook [...]

I absolutely agree. My sense at present is that the Signal ecosystem's major issues are the need to disclose (and, for safety, to maintain) a phone number, and then the centralization. But my sense is that SimpleX's protocol ecosystem is not trusted as much by qualified people who have evaluated both.

Clippy

de0u I don't think that's a bad omen for the design process, it's just a result of what security audits are designed to do. Signal has had no shortage of issues as well, and they got patched just the same and they deserve respect for that, just as SimpleX Chat does. For signal there's the recent notification database leak, sealed sender static key risks, CVE-2019-16725, The 2014 Ruhr University Bochum Audit(which I know is very early on), much like SimpleX Chat is today, so despite the severity of these issues, signal fixed most of them, just as SimpleX Chat fixed the ones trail of bits mentioned with the 6.1 updates. Also session is unfortunate because it's dying on July 8th I believe, since I highly doubt they'll receive the donations they're asking for, which is too bad, session v2 had a lot of promise. It finally would've achieved PFS. And my personal issue with tor is the risk of compromised exit nodes, and the fact that anyone can host one. Mandatory Tor isn't perfect either, although tor is still a very good thing obviously. And SimpleX Chat can use Flux which I haven't looked into yet, but I haven't used Flux anyway.

Also here's Flux, apparently it's onion routing adjacent in its design. https://simplex.chat/blog/20241125-servers-operated-by-flux-true-privacy-and-decentralization-for-all-users.html?hl=en-US

Clippy

de0u trail of bits only had the two medium severity issues that were patched, what else would you think would give SimpleX Chat more credence? It's open source obviously. The other user mentioned privacy guides recommends it, I guess I'm missing what else you think is necessary for standardized approval. The co founder of Ethereum backed SimpleX Chat with a massive donation if that helps. So I guess my point is, while I get the caution, I think we have to ask, what else could an open source project realistically do to earn that standardized approval?

de0u

Clippy trail of bits only had the two medium severity issues that were patched, what else would you think would give SimpleX Chat more credence?

As I wrote above, it's one thing for contractors hired by SimpleX to issue polite reports about it. And as I wrote above, that's not the same as endorsement by qualified experts not associated with (or paid by) the project.

For example, this one interview lists these people as endorsing Signal:

EFF, Glenn Greenwald, Edward Snowden (though they are not cryptographers)
Facebook Messenger, also WhatsApp (though they are users of the protocol, not the system)
Tal Malkin and Allison Bishop, cryptographers at Columbia
Cryptographers from Cisco, Waterloo, ETH Zurich (paper)

Here is a 2025 paper from Japanese cryptographers analyzing Signal's post-quantum extensions.

I'm not saying that everybody must use Signal, that Signal's phone-number issue isn't a genuine big issue, that nobody should use SimpleX, etc. What I'm saying is that a lot of qualified people have looked hard at Signal. That's good, because that's generally what it takes to end up with something secure.

The 2024 Trail of Bits report on SimpleX is based on one staff-week of effort (see page 6). Paying for that evaluation is a good step, and it's encouraging that it uncovered no dramatic problems, but I really don't think that's the same thing as the scrutiny that Signal has undergone.

SimpleX cryptography may be great, and I hope it is shown to be great, and many people may choose it over Signal because the phone-number issue matters more to them than the reduced amount of external expert scrutiny that SimpleX has undergone compared to Signal. But that doesn't mean that SimpleX has survived extended scrutiny by cryptographers around the world. Has it?

gowowa1659

Im using vanadium, but when mullvad browser supports android I'm willing to use that instead. I just love how simple and unbloated ff based browsers are. Brave, in contrast, seems even more bloated and invasive than even Chrome. Brave origin for 60dollars and only 10 cumulative activations is pure nonsense to me.

Trx-viewer

gowowa1659 it's definetly a little bloated from the start but it really did only take me 5 minutes to disable all the Leo/Crypto Wallet slop in Brave and turn off ads and any other random stuff.

The fact is that in my uses, there's a couple sites I visit which always have some cookie popup or other stuff even with uBlock Origin. Brave is the only one that really nukes everything and doesn't break the site, that's why I'm sticking with it. But I do agree that there are so many options that I wouldn't ever impose it on someone.

Clippy

de0u That's fair, and I actually agree with that perspective to a point. There's no denying that Signal has undergone a level of global, unsponsored academic scrutiny that almost no other messaging protocol can match. That longevity is exactly why Signal earned its reputation and why it's a great mainstream choice.
SimpleX is definitely younger and hasn't had a decade of global papers dissecting it yet, but they are following the exact right blueprint to get there. Paid audits by firms like trail of bits are just step one to establish a baseline. Step two is getting noticed by the broader independent security ecosystem, which is happening now, SimpleX’s low level design is actively audited by independent security groups like hardened vault, and it has been vetted for inclusion into hardened platforms like whonix. But at the end of the day, It really just comes down to what a person's specific threat model values more.

de0u

Clippy SimpleX’s low level design is actively audited by independent security groups like hardened vault, and it has been vetted for inclusion into hardened platforms like whonix.

Is it possible to provide a link to a description of the "active auditing" by Hardened Vault? What I was able to find was a brief 2024 blog post that doesn't look like an audit to me, but that was based on a quick search so perhaps I missed something.

Clippy

de0u https://hardenedvault.net/blog/2024-11-01-simplex-protoco-analysis-/?hl=en-US

So audit wasn't the right term, that's my bad. Analysis is the right term.

de0u

Clippy https://hardenedvault.net/blog/2024-11-01-simplex-protoco-analysis-/?hl=en-US

That is indeed the blog post that I linked to.

To my eyes that looks like the result of maybe a few days of reading SimpleX documentation, roughly zero days of reading code... ...and it mentions a possible DoS issue with the protocol design. That may not be a big deal, but overall I don't see anything there that endorses SimpleX.

That blog post is around a year and a half old. The Trail of Bits report was also from 2024. I hope the frequency and extent of analysis of the SimpleX protocols and the code improve.