So I meant to write another post stepping through some of my current phone config choices and other considerations last weekend, but real life got in the way. Anyway here’s a summary of how my phone is currently laid out, including profiles and ‘sandboxing’ (as far as that’s the appropriate term).
Main (Default) Profile
This has my personal everyday apps - but these are all FOSS ones and/or ones I trust, and/or that don’t send any data off the device. Where appropriate they still have permissions and network access restricted, and are normally are at reinforced blocking (even though trusted) in the iodé app… I do not install less trust worthy apps here…
Examples are: Phone, Contacts & SMS apps (Fossify); encrypted Messaging (Molly); Web Browsers (2)¹; password manager; email (e.g. such as Proton or similar for encrypted email and/or Thunderbird for other email); cloud drive (if private - not big tech); VPN; FOSS maps; local (non-streaming) music; health app for smart watch (GadgetBridge), trusted community apps (e.g. Mastodon or Discourse)², and of course the system apps like file manager, iodé, etc…
¹ I have a minimum of two web browsers installed (sometimes 3) because I don’t use my default browser for my main browsing. On my phone I use the iodé browser (Firefox) as my default , so any links I click on in emails or elsewhere open in this, or any random one-off links I need to copy and paste into the browser are done in this.
I then have Brave browser installed as my actual primary browser, but not set as default. I do all my ‘important’ browsing in Brave for accounts I log into, such as sites or forums I access regularly each day, and so on. Both browsers are configured to maximise anonymity and clear some or all of their caches regularly, etc.
Doing this helps further prevent fingerprinting, so those random one-off links I go to see a completely different browser profile to what the regular sites I visit regularly see, and they never see a fingerprint that matches what I use on the sites I log into.
As an aside on my Linux PC I replace Firefox (iodé) with Mullvad browser for my default; for those ad hoc sites (as it has excellent anti-fingerprinting functionality), but I still use Brave for my regular day-to-day browsing.
² This is a bit of a subjective choice and I am regularly going back to revisit if its appropriate to have certain apps in this main profile - if necessary I uninstall them and reinstall into the next profile (see below). Typically they are only here because of being trusted regarding tracking and/or for ease of access (typically if I need notifications) - if either isn’t the case or required then they get moved. Currently I only have 3 apps of this type here.
Work Profile (with Shelter)
So the next profile is the work profile, but I don’t use it for work. As it is my own personal phone and my employer’s IT department don’t have access to it, and I only need 2 basic apps on it for my job, and they are both apps from the same big tech (i.e. Microsoft) I can put them somewhere else - see later.
Instead I use this area for all my untrusted apps; and the less desirable apps that I have to have access to. Shelter is installed and all apps are installed through Shelter by cloning Aurora and F-Droid into the Work Profile and using the cloned stores to install… This then means these are separated from the main profile above (nominally sand-boxed, although that’s probably a term not used completely correctly for phones), and can be easily ‘frozen’ (stopped and isolated) at any time.
These have all permissions and network access restricted wherever possible (only the minimum is granted), and they are always at reinforced blocking in the iodé app incl. extra customised network restrictions where appropriate… They are all kept frozen at all times except when used, but don’t freeze the systems apps, browser or the cloned stores in the profile - as it will cause you issues - just auto freeze the untrusted apps.
Examples are: household utilities (heating, solar power, irrigation, security, networking & network devices, etc), Amazon, EBay³, and similar; plus a cloned copy of iodé browser to provide a web browser inside the work profile for those apps if needed.
³ As of time of writing, as an aside, still haven’t been able to get this to work with reasonable restrictions on it… still trying to determine how much access you need to grant it for it to function 100%. I’m not convinced by Rob’s previous comments in a video that EBay and Amazon apps are fairly innocuous and safe to use; as when it comes to the EBay app at least it has an apparent need for open access.
Private Space
So I have repurposed Private Space to use as my surrogate ‘Work Profile’ - unlike Shelter in the Work Profile above you can’t freeze and unfreeze individual apps here. It’s all or nothing - everything frozen and locked down or everything unfrozen.
However the reason this works for me is that I only have 3 apps in this ‘profile’; and the 2 of them that are my work ones are both Microsoft (i.e. Outlook & Teams) - so it doesn’t matter if one or both are unlocked, they are both going to phone home to the same place when they are. I nearly always have this space locked down, and for work only unlock it if I need to do something, or if I know there’s likely to be comms I need to respond to. As I have my work phone number on the phone I can always be contacted via phone or SMS in actual emergencies, etc, by the business.
The other app I have in here is my personal banking app - which is more what the Private Space is designed for (so you can hide these types of apps and have an extra layer of security). At this stage I consider the risk from the 2 work apps and the banking app being both here together and the ‘evil M corporate’ work apps able to run background processes at the same time I may have my banking app active, etc, minimal. But I do need to research this further - so if you are concerned by it don’t do this on your device!
The 2 Microsoft apps have all permissions and network access restricted wherever possible (only the minimum is granted for them to work), they are never allowed location access, and they are always at reinforced blocking in the iodé app. The banking app is obviously configured as needed for it to work appropriately.
Permissions
Make sure in all cases you lock down permissions and network (internet) access - e.g. hardly any apps need to access Bluetooth (in normal circumstances), and if you will never allow an app to use mobile data and only work on Wi-Fi (e.g. due to data volumes) you can lock down mobile data access for that app too. Basically if unsure experiment with locking down everything and see what the app bleats about and asks for… You can slowly give it back permission for 1 thing at a time from that list, starting with the most obvious thing, until it starts working normally. And you may not need to give it back access to many of the items for it to work.
Notifications
These are particularly insidious, I normally turn off all notifications where possible, especially push ones - and rely on checking the app at my convenience if needed. There’s only a few items you genuinely need notifications for, and enabling them compromises a whole heap of privacy. See the excellent primer posted by @romluk below:
Sandboxing and Shelter App
For more on this see this thread - its not a perfect solution but its what we have at present:
Alternative App List
And finally, as an alternative to my post at the start of this thread, see the alternate list of apps below, again posted by @romluk :