GrapheneOS
- Thread starter void
- Start date
- Status
is to possible to have multiple isolated instances of the same app (not knowing about each other and sharing any common data) and running them at the same time?
like couple of whatsapp apps with different identities or banking app to represent two persons - Android 14 has the App cloner for this which is very convenient
like couple of whatsapp apps with different identities or banking app to represent two persons - Android 14 has the App cloner for this which is very convenient
It really does not make any sense. X.509 client side certificates have been around for decades and are safe. WebAuthn has been supported since Q4 2018 on pretty much all browsers. And then, banks fiddle around with 2FA over SMS and the like while such data is regularly leaked in various ways and then call it secure.
I think you can run it in different profiles. Otherwise, you can use App Cloner or open the APK in Android Studio, change the package name and re-sign it with a test certificate.
I'm stubborn. I say Signal is the only way to reach me. It surprises me how many people actually install Signal just for you when you tell them that. Family and friends is easy because if it's the only way to reach you, they'll install it. For others, I'm a bit machiavellian and tell them things like my phone is too old to install Whatsapp (was true with one of my phones). Or if they call or SMS me, I'll wait a week and say "sorry I missed your text, I never check it, but reach me on Signal and I check that all the time". You can use this trick on Whatsappers too. Just ignore them for a week and tell them you never check it, so they should install Signal to reach you instantly.
Lol. I'll do 27 card readers if I have to! But some apps let you use open source authenticators like Aegis which doesn't spy on you. Maybe some of your banks will let you. Even SMS is better 2FA than bank's bespoke apps. See which ones give you options. I let them send SMS to a number I switch on only for 2FA.
Privacy is never perfect but you can reduce invasion of privcy if you're stubborn with them. One work client wanted me to use some authenticator called Duo. I looked it up and it was as hellish a privacy invasion as you'd expect. I told them I don't use a smartphone, so they let me use SMS. Stubbornness works.
I know, SMS is so not secure but they think it is. Stupid companies. I genuinely feel more secure using just a username and password.
How about sessions and threema? I wonder when proton comes out with a messenger.
Why use Aegis? Just write a script yourself and use proper encryption of the secret.
I have about a dozen banking apps that work without SafetyNet. The few apps that I cannot use on my Pixel, I just download on another device. But the majority works fine. You could also have a look at: https://plexus.techlore.tech.
Yes, I segregate everything by profiles. You can manage app installations centrally. For example, you can enable or disable an already installed app for a specific profile. Although I have to admit, switching profiles can get tedious at times if you're trying to maintain privacy, but it's definitely more secure. You could have a "family" profile with chat apps and personal photos, while another profile stays free of sensitive information but still has the same chat apps for talking to different people.
Another feature I like is SeedVault backups and restore, which lets you create encrypted backups and export them via WebDAV or USB directly from the device. This is especially useful when traveling, as it allows you to wipe your phone on the fly and restore everything later when needed.
this might work with friends and family, perhaps in certain types of business relationship but with this approach you wouldn't survive one single day in Mexico, Dominican republic or Sri Lanka 😀
silly question perhaps as I don't have the experience (yet) but these alternative profiles are not all online, are they? I mean would it work if one needs to be online on all whatsapp clones and respond to new messages?
Not a silly question at all. Once you activate a profile, it stays active until you manually close the session. While the session is active, the profile remains online and continues receiving messages. There's also an explicit option to keep the session running in the background. Additionally, you can configure the main profile to receive notifications from other profiles, so you only need to switch profiles when you want to interact with them directly.
I like Session and I do use it. I also use SimpleX which is probably the leader these days in terms of security. But Signal is the most normie-friendly, its interface is pretty much identical to WhatsApp and normies feel familiar right away. They would be a bit weirded out by the other two (unless mass adoption occurs).
While I don't have direct experience of them yet, I see advantages, compartmentalizing your activities more conveniently from the same device. Right now I fiddle with multiple devices. I don't know if GrapheneOS has this built in (I actually use CalyxOS right now), but use a mac address spoofer too, so phone #165153517981 isn't correlated as having connected at this address + that address. Ideally, you'd get to a point where all calls and texts are done online behind a VPN instead of by phone carrier, but if you're talking about SIMs then I assume like me you still need to use them for now. Just make you're not on a registered contract tied to your identity. PAYG is great.
While I don't recommend this service as I've never used it, the interview gives good info on using your SIM privately:
I don't understand how anyone could go for this... no chance to decide whether it's a honeypot or not
- Status