Pixel 7 with GOS.
1 profile
Google Play sandboxed and Fdroid basic.
No VPNs
Aegis for most of 2fa
Signal and, rarely, because forced, WhatsApp
PGP, Cryptomator and Syncthing
Strong passwords, aliases everywhere.
Most of the basic apps are self-hosted (except email) on my NAS + an RPi and protected with Authelia + Caddy/CrowdSec (the front-facing ones), and the rest are WireGuard’ed (Vaultwarden, AdGuard, Immich, MeshCentral, Outline, ownCloud OCIS, Syncthing, Baikal, Miniflux, etc.).
Using yubikeys wherever I can.
Common sense with checking links before clicking bundle
App Stores
Obtainium for most apps
Aurora Store for proprietary apps
F-Droid for discovery of apps (then use Obtainium to get)
Samsung Store ONLY for system apps update
Communication:
Proton Mail App
Proton Mail Webapp (2nd address)
Molly/Signal (supports SOCKS5/Tor, and has a standalone passlock)
Instagram Web App (one in desktop mode using Brave Beta)
Browsing:
Brave
(Brave Beta)
Mull for uBlock elements picker
Security:
Ente Auth
Bitwarden (auto-fill enabled)
Mullvad and IVPN
Media:
Grayjay for YouTube/Odyssey
Spotify for Music
Movie streaming: fmoviesz.to (easier than to use anti-VPN Netflix, which I have a profile in)
Utilities:
FUTO Voice Recognition (barely use it)
Document Viewer from GitHub
Calculator++
Google Translate WebApp
SimpleLogin webapp
Shopping webapps (painful)
Cloud:
Tresorit
Proton Drive (free plan)
Ente Photos
A few proprietary apps that have no webapp and that I need for daily life.
Do note that I did remove system apps when I had an OSS alternative installed (I removed Messages and Calendar using ADB).
In terms of my devices, I use iOS for personal use and Android for work, specifically with Google Workspace.
Here are the apps I currently use (iOS): no iCloud services!
I was wondering if you recommend uninstalling unused built-in apps in iOS, such as Mail, Calendar, and Podcasts etc. I would appreciate your insights on this matter.
App Stores
Obtainium than for Github repositories
Play store sandboxed
F-Droid Basic
Communication
Proton Mail
Tuta (I’m thinking of switching completely to Proton)
Signal (Finally, my family and friends are migrating more and more)
WhatsApp (No choice)
Telegram (Just for certain channels)
Snapchat (Just to stay connected to others, I don’t take any snap)
Discord
Browsing
Firefox Beta with Startpage and UBO (Loyal to Mozilla, I wouldn’t change)
Vanadium
Tor Browser
Security
Aegis
Bitwarden (Loyal to Bitwarden, I don’t see myself switching to Proton Pass)
Proton Drive
Proton VPN
SimpleLogin
Media
Spotify
LibreTube
Shazam
Maps
Magic Earth (Just excellent)
Organic Maps
Google Maps (Which I rarely use, but if I can’t find it on Organic Maps)
Citymapper
StreetComplete (To contribute to OSM from time to time)
Other
DeepL
HeliBoard (You can configure the BEPO keyboard, which is indispensable)
Feeder
FotMob (to follow soccer)
Pocket
Standard Notes
I’m not the person you’re replying to, but I’ll give you my answer and what I do: yes.
Any app on your phone is a possible entry point. I doubt zero-click attacks like PWNYOURHOME and FINDMYPWN and one that used Calendar would work without those apps installed. Just like iMessage exploits wouldn’t work if you disable iMessage in Settings>Messages>iMessage.
I’ve deleted most of Apple’s apps like Wallet, Find My, FaceTime, etc. I only kept the ones I use like Calculator, Clock, Contacts, Music, etc.
It’s much easier deleting Apple’s apps on iOS and iPadOS than macOS. It is possible but you have to disable System Integrity Protection first. I don’t think that’s recommended though.
Generally, having fewer apps means you have a smaller attack surface. It’s also better for privacy.
Remote attestation with Auditor (before connection to Internet after install).
LTE-only. NFC Always off. Timeouts for Wi-Fi and Bluetooth.
Allow USB peripherals when unlocked only.
Autoreboot 12h + regular manual reboots.
Hardened memory allocator and native code debugging and WebView JIT : 0 exception (except PDF app for JIT).
DCL via memory disabled by default (exceptions : ente, recorder, onlyoffice, Spotify, …)
DCL via storage allowed.
No app has accessibility or device administration.
Apps (installed via Play Store when possible). 📴: when no internet access.
Action Dash for screen time.
Addy.io app
Bitwarden
Bura Weather
Ente photos
Feeder for the news.
Libretube for YouTube
Moshidon for Mastodon
Notesnook
NumberHub calculator
OnlyOffice
Organic Maps
Proton Calendar
Proton Mail
My only browser is Vanadium.
Windscribe VPN with R.O.B.E.R.T. (without killswitch so I can pause when needed)
Signal
WhatsApp
Spotify
Google Markup📴
Google Photos📴
Google Clock📴
Google Camera📴
Google Recorder📴
Google Speech services📴
Google Play Services for AR📴
Google Play Services (sandboxed)
Google Play Store
Google (for Lens and Shazam)
Google Translate
Gboard
Google Maps
Google Messages
4 bank-related apps
Komoot
Several apps to rent cars, bikes, taxis…
Public transports app
Some PWAs
I review each app’s permissions but favor usability. For instance, I let Gboard access the internet to use the translate feature + emoji kitchen.
I don’t use 2FA, privacy payment method or VOIP (not available in Europe). I use SMSPool though.
I also use a MacBook.
I store my contacts locally but they are also in Proton (but not all. Proton Contacts is bad).
Apps, listed alphabetically:
AntennaPod
Blue Letter Bible (least invasive of the Bible apps that I actually like)
Brave (primary browser)
(Google) Camera without network permission
Carrion
Gboard without network permission
K-9 Mail (for use with the little Gmail I still have)
Magic Earth
Mull
Obtainium
Google Photos (until I decide if I’m gonna pay for Ente or Proton Unlimited)
Play Store (sandboxed)
Proton Drive (free tier)
Proton Mail (primary email)
Proton Pass (paid tier for unlim email aliases on the fly)
Proton VPN (free tier. Deciding between Proton Unlimited and Mullvad)
Services, by Planning Center (required scheduling app for church workers at my church)
Signal
Slack (temporary while I’m on a project with a team that uses it)
Standard Notes
Tuta Mail (for encrypted contact sync)
Tuta Calendar
WhatsApp (because some people refuse to use signal, and WhatsApp is better than SMS)
Of course, all the GrapheneOS preinstalled apps are there too.
Love posts like this one. Like it says in the description I would like to know what the community use for their apps and I hope this post gets taken up and everyone updates their setup.
Here goes mine, using a Pixel 6A
Bitwarden
Etar
Signal
WhatsApp (Using this only for my parents who are using this simply out of convenience and would absolutely not switch. As someone said in the posts above, it’s a lot better than SMS)
Vanadium (email, bank logins)
Mull (browsing)
Brave (Mastodon, forum logins)
NextDNS (Used as a profile)
ProtonVPN (free tier, used only for public WiFi)
QuikSMS
Stock Contacts, Dialer, Calc, Clock and Gallery app
GCam (no network)
GBoard (no network, compromised for a usable keyboard with Swipe. Hate big phones. Swipe helps with one hand use. Saves time.)
Futo (using as a secondary keyboard, love the no-network voice-to-text. Will switch to this keyboard as primary as soon as they get their swipe function sorted)
Here Maps (usable and reliable, offline maps)
Breezy Weather
AntennaPod
Joplin
Syncthing
LocalSend
Aegis
Accrescent
Aard2 Dictionary
Obtainium + F-Droid Basic for apps. (Might switch to F-Droid alone sometime in the future. Obtainium can be a chore sometimes when adding links or looking up apps)
I initially used ReadYou and quite liked it. I should probably try it. There was a time last year when I used it for a short while on my brief outing with a custom ROM before I got overwhelmed and crashed. Went back to iOS. Switched back to customROM again this year but this time slowly. Thank you for the suggestion. Do you have a recommendation for an app?
A little context: I work at the NAP of Americas in Miami. That being said, they gave me the option of using a company-supplied Samsung phone or buying my own and being able to provision it using Samsung Knox Manage.
So currently I have an S24 Ultra that I purchased; unfortunately I’m not able to use third-party app stores. I am, however, able to still use personal apps just like any other phone. I use Proton’s suite of apps (personal), Samsung apps and several management/monitoring apps for work.
I also have a Huawei P40 Pro with no Google services and a Pixel 8 Pro running GrapheneOS with just the Proton suite of apps and a password manager. Usually I only use the Pixel phone when I go to Defcon or any other related Con.
Almost forgot: I do use Tailscale to gain access to my Pi-hole that runs at home, which was a hassle to get approved at work, but after they looked at everything they approved it. But for now my S24 Ultra is my daily driver; it’s been smooth sailing so far.