I missing some guidelines where Privacy Guides gives advice about which app are privacy safe to download from google play.
Apps like
Categories:
music players
office
calendar
agenda
photo editing
etc
where do i find this kind of advice?
2 Likes
Depends on your threat model, but I usually look if it’s open-source, audited and check how many trackers it has on exodus
On GrapheneOS you have control over what storage (if any) and contacts (if any) apps can access.
You see, apps dont need the permission to read your files. Things called “portals” deal with that. Its the default filemanager you see for example when uploading a file in firefox, using “send file” in signal and so on.
But for convenience apps want this permission, for example to show photos in their UI, like Signal and Whatsapp do that.
Both GrapheneOS and IOS have the ability to restrict photo access to certain folders, while the method of GrapheneOS is way better.
Not everything works through portals though, so contact permissions are needed. GrapheneOS now has contact scopes. I am happy I dont need it, but it works and you can tag contacts as “Whatsapp” and only allow this malware to access these tagged Contacts.
There are maaany permissions on Android, most are hidden or bundled. I have no idea what is GrapheneOS and what is Android 13, but there are differences between file types, rough or fine location (GPS or also network),…
Most are hidden anyways, like permissions for seperate ways to connect to the internet, read network state, change network state, keep the device from locking, contacting other apps, and so on. These can only be removed by changing the APKs, so you dont need GrapheneOS to avoid the app phoning home for example.
I did this with LuckyPatcher a while ago, the app is totally shady and needs root but very helpful. Permissions alone can also be easily modded by editing a file and then zipping the app folder again. Apks are zips, renamed.
So without play services or other highly privileged apps I dont worry about proprietary or even cracked apps, but they will never get network permission.
- nova launcher prime (there is a torrent for it)
- google camera
- volume styles
- acr phone
- games
- tools
I would even trust some more apps like FloraIncognita, dict.cc or more. But this is guessing.
Apps you need but dont trust you can easily install in your work profile. No multiple user profiles, no logging in and out, simply install shelter from f-droid, set it up and use a launcher like the default one or Nova, that can open and close it. Open it only when needed.
But just avoid Google play. F-Droid compiles most open source apps. And if you are paranoid and dont care about developers mixing in proprietary blobs, or not compiling them at all themselves, use releases from Github, gitlab, codeberg and so on.
Using “Feeder” or other Feed readers, simply enter the release URL and you get updates for the latest APKs.
Using Termux and my small tool, or on a Linux machine using apksigner, you can control that the apps signature is correct. Do that once, afterwards you can update without problems, as Android only accepts updates with the same signature.
I maintain a list of recommended apps here: Recommended Apps - DivestOS Mobile
It also has detailed comparison tables for browsers and messengers.
9 Likes
Nice to Rethink there. Note: Rethink isn’t just filtering anymore, it can forward connections to any VPN provider that supports WireGuard (ref).
1 Like