Hi everyone,

I was curious how the community is tackling privacy on their mobile phones. I think it is great that there are many things already done out-of-the-box by GrapheneOS and wanted to know how you are personally addressing this.

I will start with my approach:

  1. Try to minimize the number of privacy-invasive apps (no Facebook, Instagram, TikTok, etc. installed)
  2. Install as much as possible apps that are FOSS or done by indie developers, small groups, etc., that do not contain any trackers or as little as possible where this cannot be avoided (e.g. FairMail, SimpleTools, Catima, Markor, NewPipe, etc.).
  3. Use a firewall on the phone (e.g. NetGuard) and block connections to tracking and analytics services. This is painful though, as every connection of an app needs to be approved, it is not always clear what the analytics services are, and sometimes blocking them breaks the app.
  4. Use privacy friendly services when possible, such as email with a focus on privacy, VPNs, etc.
  5. Use an alternative app store as much as possible, although it is becoming more difficult, as some apps started checking from where they are installed and do not work unless installed from the Google Play Store (I did not test the manual installation method that may overcome this).

What is your approach?

  • [deleted]

What do you value more, privacy or security? Because ultimately you can't have them both. They don't necessarily work against each other but are more or less on opposing ends. If you try to build walls around you to protect yourself, you make yourself easily identifiable. And when you try to melt in with the crowd, you involuntarily make yourself vulnerable. Try to achieve the right balance for your ecosystem, you want to live a happy life, not always worrying about what ifs.

To translate this in a human language, use the most secure OS and use as few add-ons as possible to get the job done. Avoid big players who managed to get tracking and analytics to perfection and are getting better by the day.

Stick to what comes with the OS, and disable redundant or ones you don’t need.

Be a minimalist.

Use a different device (buy a cheap phone) for all the stuff you “need”.

    • [deleted]

    Blastoidea I agree with the minimalism part. I think though it is still better to run the stuff you need under the most secure OS, albeit in a different profile (or use privacy friendly alternatives). Yet I would still reassess the NEED bit. Sometimes what we think we need is not what we really need. Or is it?

    I agree also with the above. If you want proper privacy (if there is such a thing) there is no point loading your phone with lots of different apps. In my opinion, if you want lots of apps you really need to go the Google route to keep up with updates. Personally I think it's better to just use what you really need and stay totally open source (GitHub etc.), spending a bit of extra time checking for updates. My opinion only of course!

    • [deleted]

    Just to add, I can tell that sandbox fans will not contribute here because they don't have a valid point from either a privacy or a security perspective.

      [deleted] can you elaborate on that sandbox fan thing, as there is a theory, and I don't think it's good or bad, but there's a core of people who want this OS to go in the Google direction just with the sandbox.
      So no Aurora Store or unsigned FOSS apps.
      Just a slightly more controlled OS with some better security features.
      I've heard people suggest it's controlled opposition.

      I'm still very much happy with the project and ignore such comments!

        • [deleted]

        HappyCoding my friend, don't take me seriously. At the end of the day what matters is what choices you make. My views are purely personal, I don't wish to steer anybody this way or that. Whatever you decide is what it will be. Along with any consequences. Even going Google free, you can open yourself up to all sorts of vulnerabilities. If you are not happy with any of my comments, just turn a blind eye and shove along.

        Am happy with all comments! Discussion is good.
        I find this whole project and discussion very interesting.

        So my approach for the phone is that I have my main owner profile on the phone, where I only use FOSS apps installed via F-Droid, and several task-specific user profiles. Current user profiles are:

        • Pixel, a profile with full Google apps in case I need it for compatibility (which never really happened in the last 7 months)
        • Shopping, here Amazon and car sharing apps live (no access to SMS, phone or contacts)
        • Banking, for Banking stuff (No access to SMS, phone or contacts)
        • Gaming (No access to SMS, phone or contacts)
        • Access, profile for 2FA apps and apps to access locks on the door at my co-working space (No access to SMS, phone or contacts)
        • Streaming, Netflix, Amazon Prime, Paramount+ etc. (No access to SMS, phone or contacts)
        • Messaging, where Signal, Telegram and WhatsApp live. They only have access to a reduced subset of my contacts.

        But another issue is where a phone synchronizes to. So my calendar and my contacts are stored on my Nextcloud, running on a server that is here on my desk. It is not directly accessible via the Internet, but via a VPN, to reduce the attack surface.

        I find services such as Pretty Good Phone Privacy very interesting. Unfortunately, this is not available here in Germany, because the German government demands that a name is stored for every IMSI. https://invisv.com/pgpp/