Some essential privacy apps for Android for a high threat model, and some recommendations.
Following: Vanadium, Sentry, Duress,
Keepass App for iOS (only standard 3 supported!)
Native Keepass App for MacOS
Desktop Operating systems
The only transparent and private Operating Systems are Open source, so they are Linux, BSD, Android-based Desktops, ... not Windows or macOS, even though they say they are secure.
High security: Tails, QubesOS + Whonix
Normal security: Any common Linux Distribution with good Apps and some Hardening (Ubuntu, Fedora, Debian, SUSE, Manjaro, Arch, Deepin, ...)
Number 1, excellent privacy, security, anonymity
Complex and very secure, based on containerizing everything to not leak any data
Integrated into QubesOS; can be run as a VM on other OSes too. It consists of two virtual machines: the Gateway, which only channels outgoing traffic to the Tor network, and the main virtual machine with all the data. They don't know anything more about each other, for security reasons.
Lots of variants: KDE, GNOME; Silverblue/Kinoite are made for Flatpak use (Flatpaks are not yet ready to be called secure!). Rocky Linux is also based on Red Hat Enterprise Linux and replaces the former CentOS, which is more stable than Fedora, no bugs, but older.
KDE, LXDE, XFCE, standard GNOME desktops, then there is Linux Mint, the parent Debian, KDE Neon, Vanilla Linux and more, all Debian or even Ubuntu based.
GrapheneOS is the safest; it is optimized in many parts and the development focuses on security a lot. If you want to wipe your device's data on demand, it doesn't matter what custom OS you have, but it should be tracker-free.
If the Bootloader is unlocked, people can wipe and reinstall your device. It shouldn't be easier to get your data, though.
Place 1, most secure mobile OS available
Pro: very secure, relockable Bootloader, signed, hardened, lots of profiles, new updates (Android 13 currently)
Con: you need to fund a tracking company (Google), no customization
If you own a Pixel, get it! Installation is extremely easy (just 2 downloads and one click on a script, if you don't use a Chromium-based browser). Be careful about the security update span! https://grapheneos.org/faq#device-lifetime
Place 2: Another AOSP fork, runs only on Pixel phones, less secure than GrapheneOS but more customizable. Relockable Bootloader.
Place 3: Privacy optimized AOSP variant with relockable Bootloader and regular updates.
Place 4: The most common custom ROM for Android, it is AOSP (Android Open Source Version) with minor additions. If you want fast network-based location, Google-services or Google-push, get "Lineage for microg".
Don't install Google apps as system apps onto it; if you should really need them, they can be installed as normal apps from the Play Store.
LineageOS is very customizable, but not very secure. The internet block for apps may be insecure. The Bootloader can't be locked, so anyone can wipe your device.
Another Android variant.
There are many tools you may use (a secure and private Browser!):
Desktop: Librewolf, Firefox (After configuration), Brave (after Configuration), Tor-Browser
Mobile: Mull, Bromite, Vanadium, Fennec, Tor-Browser
iOS: Firefox, Onion-Browser (they have to use Safaris engine though)
.onion address, useful for creating a really secure (free) mail. Situated in Switzerland. If you don't have to pay them, they can't know who you are.
You can pay by cash, they are really focussed on privacy, transparency and security, situated in Germany though.
Mail provider, funded by Donations. In the USA though.
This is less convenient than Nextcloud, but you don't have to trust the server provider.
If you have your own, this is a really comfortable solution. Only secure on an encrypted server with panic-mode (auto turning off)
Another encrypted Videochat
Way better F-Droid store. Lots of repositories preconfigured, new session installer method and fast downloads.
A customizable keyboard that has an integrated clipboard and the option to turn off user adaptation entirely. The keyboard can read everything you type, in every browser and messenger, so this is essential. Apps can't read Florisboard's internal clipboard either; you have to activate it in the settings.
Configurable through your internet settings. DON'T USE GOOGLE'S PRECONFIGURED DNS! This is also the case on LineageOS!
Otherwise every website you open will be processed by Google, and of course this makes you transparent.
Extremely good Camera app, has a ton of features. You can configure GPS tag on images, but they still contain your device name so use it with Imagepipe / Scrambled Exif when sharing.
Firefox is the only common browser without a complete tracking company behind it. Prefer Firefox over Chromium-based ones, as Chromium breaks the liberty of the internet. In a dystopian future, if a site only works on Chromium, that's just how it is.
If you don't know how to harden Firefox, just take Librewolf. It works normally, but all the necessary security changes are already added.
Fastest updates, and a good browser. Using the Arkenfox modifications and the addon "NoScript", you can make it very secure. If you don't want to check changes and set settings manually, use Librewolf.
Hardened Firefox mobile, very secure for what it can do. Most private browser for mobile apart from Tor Browser, still pretty fast.
Desktop: Available for all Linux distributions, as a binary install and Flatpak. Integrated into Tails and Whonix.
For Android you get it from the Guardian Project's repo through Droid-ify. It is limited to what hardening you can apply to Firefox mobile, not as secure as Tor for Desktop!
Based on Chromium, hardened for privacy. No addon support, no customizability, no expert configs, no custom search engines, but Tabs are isolated from each other, so it is more secure than Firefox mobile. Security vs. Privacy is the problem on Android at the moment.
"Tor Browser" for iOS. The only one you should use, there are a lot of duplicates! Doesn't allow video and audio because of Apple insecurities.
Send encrypted SMS like it was Signal! Only works on Android and if the partner uses the app too. A Fork of Signal, which supported that in the past. It got dropped, because SMS is not private at all, only the content is!
Very easy to use but powerful App for the Matrix protocol. Don't let it fool you, "matrix.org" is not "the Element server", there are hundreds, and you should choose one of them! https://joinmatrix.org/servers/
Awesome Messenger supporting Android and Linux (Flatpak). Works through Bluetooth too and has a lot of security features.
In theory very secure. At the moment you can't delete sent messages from the blockchain, so don't use it!
Secure easy to use mail client that can use PGP (OpenKeyChain) for encryption and signing
Easy to use PGP app. Import your private keys, encrypt and decrypt files and more.
Keepass Password manager that even supports fingerprint and can fill out forms in most browsers (Firefox-based ones work). Very good interface. Allows easy strong password creation and management. You need a password manager!
Very easy creation of an AES encrypted drive, that you open with a password and store wherever you want. Has an inbuilt camera, media viewer and more. Importing files or folders automatically asks to delete them on the unencrypted storage.
Encrypt your cloud backups. Theoretically allows using whatever provider you want, as everything online is encrypted. Prefer an encrypted backup for double security though (like Mega).
2FA, secured by a password, unlockable by fingerprint
Tools to hide you, your data, your traffic etc. The best ones need root (or a custom Operating system) and may cause speed problems.
Like Orbot but way more complex. Allows DNSCrypt and I2P proxying too.
Channel apps' traffic through the Tor proxy. Doesn't make much sense if you use tracking apps like Instagram or log in to accounts.
Most trustworthy VPN provider with Monero ability and no email or phone number requirement.
Some apps to use, either for privacy-respecting services, or better frontends for established networks like Instagram, that limit tracking.
A good app for Mastodon, the decentralized social network ("Twitter alternative")
An app for the Reddit Alternative Lemmy
A privacy-respecting app for the feature-rich decentralized image sharing Platform Pixelfed ("Instagram alternative")
Some apps are awful, while their services are needed. You can often use them in a browser, but apps have advantages like subscriptions, settings, speed etc. These Apps minimize tracking!
Awesome private frontend for Google translate. Recognizes text from images (that explains the big size), randomizes simplytranslate instances (servers) and allows autodetect.
Travel with trains & buses without being tracked, for example by "DB Navigator".
Google Maps, Google Drive, Google Play services, Windows Connect (or whatever it's called?), you don't need that.
(OSMAnd~ from F-Droid)
Best open-source OpenStreetMap navigation app with a ton of features. You can configure everything how you want it, the presets are good too though. Create your own routing files, use online routing, develop plugins,... it's very open.
Decentralized file synchronisation between your devices, no servers, easy setup. Works on all platforms.
- Install on both devices
- Show QR code of other device and scan with your phone
- Say what folders should be synced and how
Managing app for the android work profile, to isolate apps from the main storage. These apps can use contact and storage permissions without being able to stalk you. Very important for everyone.
Remove Exif metadata from images through the share dialogue, before sending them. This could be your GPS location, device model or other identifying values.
Same purpose as ScrambledExif but with powerful JPEG compression integrated to make images smaller
Lock a device and wipe its data on emergency.
You can use PanicKit, tile, shortcut or send a message with a secret code. On trigger, using Device Administration API, it locks a device and optionally runs wipe.
Also you can:
- fire when a device was not unlocked for X time
- fire when a USB data connection is made while a device is locked
- fire when a fake messenger app is launched
- fire when a duress password is entered (companion app: Duress)
The app works in Work Profile too. Use it to install risky apps and Wasted in it. Then you can wipe this profile data with one click without wiping the whole device.
Only an encrypted device can guarantee that the data will not be recoverable.
- action: me.lucky.wasted.action.TRIGGER
- receiver: me.lucky.wasted/.TriggerReceiver
- also you have to send a secret code from Wasted with the key: code
- DEVICE_ADMIN - lock and optionally wipe a device
- FOREGROUND_SERVICE - receive lock and USB state events
- RECEIVE_BOOT_COMPLETED - persist lock job and foreground service across reboots
It is Free Open Source Software. License: GPL-3
Search your surroundings for GPS-tracking devices that may be used to surveil you. The chance of one being used is pretty low most of the time, so be sure about your threat model; the app is beautiful anyway.