So my approach for the phone is that I have my main owner profile on the phone, where I only use FOSS apps installed via F-Droid, and several task-specific user profiles for tasks. Current user profiles are:
- Pixel, a profile with full Google apps in case I need it for compatibility (which never really happened in the last 7 months)
- Shopping, here Amazon and car sharing apps live (no access to SMS, phone or contacts)
- Banking, for Banking stuff (No access to SMS, phone or contacts)
- Gaming (No access to SMS, phone or contacts)
- Access, profile for 2FA apps and apps to access locks on the door of my co-working space (No access to SMS, phone or contacts)
- Streaming, Netflix, Amazon Prime, Paramount+, etc. (No access to SMS, phone or contacts)
- Messaging, where Signal, Telegram and WhatsApp live. They only have access to a reduced subset of my contacts.

But another issue is where a phone synchronizes to. So my calendar and my contacts are stored on my Nextcloud, running on a server that is here on my desk. It is not directly accessible via the Internet, but via a VPN, to reduce the attack surface.
I find services such as Pretty Good Phone Privacy very interesting; unfortunately, this is not available here in Germany, because the German government demands that a name is stored for every IMSI. https://invisv.com/pgpp/