Android Privacy Setup Review

Threat Model & Goals

Objective:

  1. Avoid or minimise invasive cloud-based AI features where possible.
  2. Reduce exposure to mass surveillance and age verification.
  3. I’m not assuming targeted surveillance by intelligence agencies; I just don’t want to be an easy data harvesting target for big platforms, governments/law enforcement, and data brokers.

Convenience Balance & Constraints: I don’t want to make drastic changes that significantly limit social interaction or convenience, changes where the privacy gain becomes very minimal compared to the effort, or steps that require flashing a custom OS, self-hosting, or paid services. I’m using the free plans of all the services I mention below. I favour open-source, but don’t strictly need all apps to be open-source, especially if the service is independently audited and widely trusted.

Experience: I’ve only really started being aware and serious about privacy since the start of 2026. I’m an Android-only user.

What I’m Looking For:

  1. Feedback on my threat model and “diminishing returns” approach.
  2. Help designing a long-term privacy stack (VPN, DNS, email, drive, passwords, notes, photos, AI) that I can stick with for years without constant switching.
  3. Opinions on: Proton ecosystem vs diversification and Bitwarden vs Proton Pass vs KeePass

Mobile Setup

• Device & OS: OPPO running ColorOS 16

• App Store/Sources: Primarily Google Play Store, but I also use Obtainium for downloading open-source apps and F-Droid Basic as the repository to find open-source apps.

Primary Apps:

• Communication: WhatsApp or Google Messages with RCS

• Email: Proton Mail and Gmail

• Calendar: Proton Calendar

• Contacts: Proton Contacts

• Meetings: Google Meet

• Navigation: OsmAnd or Google Maps

• Cloud/Backup: Filen for most files, Google Drive for non-sensitive files I want easily accessible

• Photo Management: Ente Photos, Aves Libre

• Notes: Notesnook (cloud-synced) and Standard Notes (local/not signed into an account)

• Docs: Onlyoffice or CryptPad

• Tasks: Tasks.org

• Socials: Discord, Matrix (Element), Twitter (X), Mastodon

• Frontends: Redlib (Reddit), LibreTube (YouTube), Metrolist (YouTube Music)

• DNS: Mullvad DoT (Private DNS)

• VPN: Windscribe, though I barely use it

• Email & Aliasing: Proton Pass/SimpleLogin aliases

• Password Manager: Bitwarden (cloud) with KeePassDX backup

• TOTP: Aegis Authenticator (backed up to Filen)

• File Sharing: LocalSend, though in practice, I usually just use WhatsApp because everybody I communicate with uses it

• Browser: Brave for daily browsing and accounts, Cromite for disposable searches, and Tor Browser for more sensitive searches (also tried DDG, Firefox, and IronFox)

• Search Engine: Brave Search (also tried DDG)

• AI: I’ve tried Proton Lumo, Brave Leo, and Duck AI

Specific Questions

  1. Is using Mail and VPN from the same company “putting all my eggs in one basket”?
  2. What pros and cons have you noticed for going “all-in” on the Proton ecosystem or diversifying and how much does it affect your workflow, whichever fits you better?
  3. Any thoughts on YT Music clients? There are quite a lot of them but I rarely see them mentioned in reputable privacy sources, maybe because most of them are hobby projects.
  4. Given my situation, how would you design a long-term privacy stack that doesn’t encourage constantly switching between tools?

Greetings.

I read your message and I’m responding from my perspective:

I understand your objectives; however, I won’t offer my opinion or anything similar. You’ll have to decide what to do next.

  1. Your profile is basic, based on your argument. You need to focus on yourself first; the tools come later. → How do you do it? → You need to learn how the world works and what the system is really interested in. The system is simply a group of malicious actors behind the technology who seek to violate not only privacy, personal and family security, but also to weaken people by attacking on multiple levels simultaneously.

  2. It’s not possible to design a long-term privacy plan based on your argument. Things change. For example, within an hour or tomorrow, someone working at IVPN or Mullvad could be compromised and silently carry out malicious tasks internally without revealing anything to the public. I’ve only given you a simple example; imagine what a large-scale scenario would be like.

  3. The only thing I liked about Proton AG is the NetShield module or feature from ProtonVPN, although it needs significant improvements. The rest doesn’t appeal to me.

I’ll address your questions to answer them:

  • It depends on how the context, changes, and situation are interpreted. That argument about putting all your eggs in one basket is weak; it’s better to be dynamic and adapt, not static.

  • I’m not betting on it. The Proton ecosystem itself is inconsistent. I already mentioned this in another post here in the community.

  • The browser with ad and tracker blockers → with support for listening to music or video in the background. If that’s not enough for you, download the music to your device and listen to it offline.

  • It’s not possible to design one for the long term. I already explained this.

I’m a threat to the system, and I don’t need to wear a mask to cover my face like people do in videos on YouTube, for example.

My advice to you: you have to learn to navigate, don’t get stuck. The tools will help you, just use them as if they were temporary and switch when you see things are getting dangerous. Peace of mind is better than paralysis.