Can I trust these apps?

1. What do I want to protect?

I aim to protect the following assets:

  • Files, Documents, and Notes: These include personal, sensitive information stored on my device.
  • Usage Patterns and Choices/Interests: I want to keep my digital behavior and preferences private.
  • Digital Identity: Safeguarding my identity to prevent misuse or theft.

2. Who do I want to protect it from?

My potential adversaries include:

OSINTers, Government, Big-Tech companies


3. How likely is it that I will need to protect it?

The likelihood of needing protection varies:

  • High Risk: For sensitive files, documents, and notes (mostly unique project details), where compromise could lead to dire consequences.
  • Moderate Risk: For usage patterns and app choices, where single app compromises are less impactful but still concerning.
  • Critical Importance: For protecting my digital identity, as identity theft is a severe threat.

4. How bad are the consequences if I fail?

The consequences of failing to protect my assets are severe:

  • Identity Theft: Could lead to financial loss, loss of non-patented projects, reputation damage, and legal issues.
  • Loss of Confidentiality: Compromise of sensitive files could result in personal or professional repercussions.
  • Privacy Breach: Unauthorized access to usage patterns could expose my digital behavior, leading to targeted advertising or surveillance.

5. How much trouble am I willing to go through to prevent potential consequences?

I am willing to:

  • Implement Complex Configurations: Use advanced privacy tools and encryption methods.
  • Undergo Multiple Layers of Encryption: To ensure robust protection of my data.
  • Sacrifice Some Convenience: If it means enhancing security and privacy.

I prefer to stay anonymous and also want to avoid censorship, so I use InviZible Pro with Tor and DNSCrypt enabled.

I use File Explorer [File Explorer - IzzyOnDroid F-Droid Repository], Proton Drive, EasyNotes [Easy Notes | F-Droid - Free and Open Source Android App Repository] and Notesnook for managing essential assets.

App Evaluations:

  1. Book’s Story [Book's Story | F-Droid - Free and Open Source Android App Repository]:

    • Findings: Visually appealing and convenient, but lacks a clear privacy policy and transparency regarding data handling.
    • Question: Given its lack of transparency, is it safe to use for regular book reading?
  2. Lichess [lichess | F-Droid - Free and Open Source Android App Repository]:

    • Findings: A free, open-source chess app, but “bound to a certain network service” and contains “non-free media.”
    • Question: Does relying on a network service for a chess app pose a risk to my data security and privacy?
  3. TrackerControl [TrackerControl - IzzyOnDroid F-Droid Repository]:

    • Findings: Aims to improve privacy by blocking trackers and optimizing app behavior.
    • Question: Is this app legitimate and effective in protecting against OSINT gatherers and big tech tracking?
  4. PHONK [PHONK - IzzyOnDroid F-Droid Repository]:

    • Findings: A coding and simulation app requiring many permissions, raising concerns about excessive data access.
    • Question: Are these permissions necessary, or could they indicate potential misuse?
  5. OpenAthena™ [OpenAthena™ for Android | F-Droid - Free and Open Source Android App Repository]:

    • Findings: Promotes non-free network services and has a concerning permission list.
    • Question: Given its promotion of non-free services and permissions, does it introduce risks to the security and privacy of my digital assets?

This reads like a low effort post where you want other users to do all the research for you.

What is your threat model? Trust is going to be relative to that.

What about these apps concerns you? Have you read their privacy policies?

What apps are you currently using and why are you considering replacing them with the ones listed?

5 Likes

Lichess on F-Droid is an old, deprecated app and you would be better off using the PWA, which works quite nicely. There is a new Android beta app in development but it’s not full featured yet.

1 Like

+1, and the new application is better.
Lichess is open source and community founded.
The presentation
Exodus reports 1 “tracker” used for crash reporting
The permissions are minimal.

These types of posts are frowned upon. Please understand that this forum does not exist to replace doing your own research. Only you can decide whether you believe the aforementioned apps are trustworthy. If you have specific questions about these apps, then we may be able to help you.

I strongly recommend against getting your apps from F-Droid. And you should use apps with more than a handful of users which are also actively maintained.

Got it! What about now?

I’m extremely sorry and sincerely apologize for it. I hope the edited version meets the requirements of self-research & specific questions.

Even with your edits, we don’t really know what you are looking for specifically. Your threat model isn’t a description of the devices you own but rather the actors you are trying to protect yourself against.

Regarding your concerns on “non-free” services or usability, it’s up to you whether these sacrifices are worth the trade-off. You seemed to be concerned about both security and free software, but you might need to make compromises.

Ask yourself questions like: “Can this application function offline?” or “When was the latest update?”

2 Likes

As @KevPham mentioned, you did not really provide a threat model. I think it would be beneficial to you to read through Threat Modeling: The First Step on Your Privacy Journey - Privacy Guides and then come back and edit this post. :slight_smile:

I really really hope this one follows the suggestions.

1 Like

Looks good!

A few things

Maybe look into using Obtainium to get these apps.

As @user1 suggests, maybe use a PWA.

You may want to consider a private DNS solution instead. Check DNS Resolvers - Privacy Guides

privacy policy

I don’t know anything about drones, but it seems like, based on what the app does, it’s going to need a lot of permissions to gather the data.

They do share randomized data that they collect. The app appears to be in beta. Those would be the things to consider, from what I can tell.

What are your thoughts on PHONK and Book’s Story?

I’ll reframe the question to you - what about PHONK and Book’s Story are you unsure about? Is there specifically something unclear, or are you unsure how to evaluate these entities from the ground up?

I think it might be a good time to learn how to determine if you should trust an app for your use case, and see what specific unknown you are deferring. I’m also thinking is this a skill set that PG could write about in a blog :thinking:

1 Like

PHONK is just not at all in my realm so I did not feel comfortable speaking on it. Maybe someone more aware of its use cases or more knowledgeable about phone permissions will speak on it.

Book’s Story links did not work for me. If I was going to use an ebook reader (more of an Audio book on phone type) I would probably just remove all permissions and use it offline (not sure if that works for you). In that case it’s just about finding an aesthetic that you like.

Have you looked at PocketReader or KOReader?

Ok, I understood it. What specifically bothers me about PHONK are: Will it leave a penetrable hole in my anonymous network? What are these permissions required for exactly? Will they review or do something with my codes (like, IDK, feeding the code to AI)? Are they gonna secretly track my activity if I leave any door (vulnerability in my network) open?

Pocket Reader’s privacy policy concerns me (they might share data to third-party services). KOReader isn’t visually appealing to me at all.