Android#

GrapheneOS

sim lock?

bluetooth, camera, NFC, location – default off

Use contact and storage scopes

battery saver at 20%

https://www.anonstrategies.com/p/boxes

Shelter – device admin?? – is this the best work profile manager, ¿

Keep notifs to the minimum, disable apps when not in active use.

FLOSS apps via obtainium

Add apkmirror tracking for Google Play apps to know updates

Seperate Google Play Store profile for apps, install through that, need to then install apk in main profile (apkmirror) – so the signature is verified, no issues.

Can just freeze Google stuff after using

Can make the burner gmail with café wifi

I still don’t have a good solution for paid apps from play store, maybe aurora store with compartmentalized gmail but no idea.

Can just see F-droid’s report on the app if you want, I don’t use it to download or install apps now.

tuta for contacts

proton for mail (with sender pgp)

k9 + openkeychain

aegis for 2fa

Simplelogin/addy

antennapod

mpv

Networking

system wide mullvad DNS

orbot on main

proton VPN on work

windscribe on others.

rethinkdns for proxies

openvpn/wiregaurd very rarely.

Backups

syncthing

cryptomator

Comms

signal

telegram

Linphone / cheogram

X

schildichat

Fedilab/Ametheist

coreirc

Banking

local banks

paypal

Wise, Payoneer

Ironvest, coincards, cakepay

applePay

IBKR

Revolut

kraken pro

Envoy

blue wallet

zeusLN

Moneroju

Maps

gmapWV + Organic maps

Aard2 / osmand

KiwiX for zim

Notes

Joplin

Fossify apps notes

thinking about logseq+obsidian, roam shit.

Sec

bitwarden for passkeys

Hypatia

spam blocker

This uses a db but is old, but idk if it’s outdated.

https://gitlab.com/xynngh/YetAnotherCallBlocker/tree/HEAD

Misc

binary eye

xodo with oxygen cut off – ppt, pdf, excel

Mixplorer cut the O2

Orbot

futo keyboard

collabora office only for docs.

Browser for what?

search engine – brave

default – cromite vanadium incognito

Vanadium for high stakes links

mull for shopping lol what jk’ing maybe

mull maintained by divested

https://wiki.mozilla.org/Security/Fennec+Tor_Project

Meta

imagepipe – nice flow for making a private photo to public via cropping, blowing metadata away etc.

eSim support?

does google gets in the way?

Adapter – EID/IMEI/IMSI, esim/vsim/isim, voip? – SIP TLS / SRTP

domain – ECH / eSNI, warp?

Health

bedtime:

• Greyscale ( color correction )
• night light – prob all day.
• extra dim maybe

Highly unlikely

PII from wall

Updates

Updates sometimes are a bit annoying considering I hav a lot of profiles but you can put the realeases in an rss and install whenever you want.

better to just reboot before sleep though.

?

Internet connectivity checks graphene

Attestation key peovisioning grapheme

Widevine provisioning graphene

SUPL PSDS gos proxy

Airport Mobile Checks Mitigation

WARNING – Seedvault backups are app-data only, you have to backup internal storage yourself (the setting has a on-switch for this but its experimental/may break/unreliable)

1. Switch on seedvault backups (type c pen drive / nextcloud) – note each profile has a diff seedvault
2. Enable duress password
3. Input Duress password b4 security check in (make sure you have latest seedvault on pendrive/nextcloud)
4. Do the Onboarding and add a little bit of data to fool the officers
5. After exiting immigration at destination, a. reset again, b. restore from backup (grapheneos has a restore button on fresh, use the pendrive or nextcloud)

This should restore your android FULLY, but you may want to test this whole procedure at-home twice/thrice. (You may want to copy all the internal storage separately on desktop/laptop)

P.S. Ideally keep backup on nextcloud, pendrive & computer as well. (3-2-1 backup strat)