A little context: I work at the NAP of Americas in Miami. That being said, they gave me the option of using a company-supplied Samsung phone or buying my own and being able to provision it using Samsung Knox Manage.
So currently I have an S24 Ultra that I purchased; unfortunately I'm not able to use third-party app stores. I am, however, still able to use personal apps just like on any other phone. I use Proton's suite of apps (personal), Samsung apps and several management/monitoring apps for work.
I also have a Huawei P40 Pro with no Google services and a Pixel 8 Pro running GrapheneOS with just the Proton suite of apps and a password manager. Usually I only use the Pixel phone when I go to Defcon or any other related Con.
Almost forgot: I do use Tailscale to gain access to my PiHole that runs at home, which was a hassle to get approved at work, but after they looked at everything they approved it. But for now my S24 Ultra is my daily driver; it's been smooth sailing so far.
Pixel 6a GrapheneOS (but will change to iPhone and Apple Watch some time in the future)
I live in the EU
Owner profile and gplay
Fdroid
mullvadvpn
nextdns
Protonmail
Simplelogin
etar
collaboraoffice
nextcloud via thegoodcloud
signal
Ticktick
Fb messenger throwaway e2ee
Instagram Web throwaway for memes
A bunch of car/parking/bus apps
Banking apps
Spotify
I have configured my Pixel 9 with security as the main objective and privacy as the second, according to option 1 below, but after new insights I actually want to switch to configuration option 2.
But is configuration option 2 wise? I feel like I am overlooking something.
Option 2 means that all stores and app updates go through the “owner user” and the other users are assigned the required apps from within user management. Only the “owner user” is logged in with a Google account in Play Store, the other users are only assigned Google Play Services.
VPN is still on my to-do list.
Current configuration 1 (always default random MAC), in addition to the default GrapheneOS apps:
Owner user
Accrescent
NeoStore (instead of fdroid)
Obtainium
Heliboard
FairEmail
Tuta Mail
Proton Mail
Proton Drive (for sharing some files between users on Pixel 9)
Joplin
Newpipe
Bitwarden
Organic Maps
Etar Calendar
DAVx⁵
Feeder
Pdf doc scan
Signal
Mull
Social user
Google PlayStore (logged in)
Heliboard
Whatsapp
Telegram (so bad)
Netflix (so bad)
Newpipe
Proton Drive
SoundCloud
HEOS (for AVR)
Marantz (remote control AVR)
Bitwarden
School apps
Mull
Financial user
Google PlayStore (logged in)
Heliboard
Bank apps (Required for confirmation)
Proton Drive
Aegis
Bitwarden
Mull
Desired configuration 2 (random MAC per network) where the “main user” is the default daily user, but wondering if this configuration is wise with possible future app update issues:
Owner user
Google PlayStore (logged in Google account)
Accrescent
NeoStore
Obtainium
Heliboard
FairEmail (No network/sensor usage)
Tuta Mail (No network/sensor usage)
Joplin (No network/sensor usage)
Telegram (No network/sensor usage)
Netflix (No network/sensor usage)
Newpipe (No network/sensor usage)
Bitwarden (No network/sensor usage)
Organic Maps (No network/sensor usage)
Whatsapp (No network/sensor usage)
Proton Mail (No network/sensor usage)
Proton Drive (No network/sensor usage)
SoundCloud (No network/sensor usage)
HEOS (No network/sensor usage)
Marantz (No network/sensor usage)
Bank apps (No network/sensor usage)
Aegis (No network/sensor usage)
Etar Calendar (No network/sensor usage)
DAVx⁵ (No network/sensor usage)
Feeder (No network/sensor usage)
Pdf doc scan (No network/sensor usage)
Signal (No network/sensor usage)
School apps (No network/sensor usage)
Mull (No network/sensor usage)
Main user with apps assigned
No Google services
Heliboard
FairEmail
Tuta Mail
Proton Mail
Proton Drive
Joplin
Newpipe
Bitwarden
Organic Maps
Etar Agenda
DAVx⁵
Feeder
Pdf doc scan
Signal
Mull
Social user with apps assigned
Google Services (no logged-in Google account)
Heliboard
Whatsapp
Newpipe
Telegram
Netflix
Proton Drive
SoundCloud
HEOS
Marantz
Bitwarden
School apps
Mull
Financial user with assigned apps
Google Services (no Google account logged in)
Heliboard
(Mandatory) Bank apps
Proton Drive
Aegis (maybe this should also be active with other Pixel 9 users?)