This is my current GrapheneOS setup.
I have three distinct profiles on my phone, each serving a specific purpose.
Main Profile: This is my daily driver, free and open-source apps only. It has everything I need for my daily needs. For privacy reasons, I've excluded bitcoin and nostr related applications from this profile to maintain a low profile and avoid leaking my online identity if someone were to snatch the phone out of my hands.
Decoy Profile: This secondary profile is designed as a decoy. I've installed a bunch of normie apps to make it more realistic, and some closed-source ones that I occasionally need. I rarely use this profile. I only switch to it when absolutely necessary, if you know what I mean.
Cypherpunk Profile: This is where my true online identity lies, and where all the bitcoin and nostr apps reside. Tor, E2E chats, secret notes, and files are all here. I only access this profile when I'm alone and confident it's safe to do so.
-
All profiles have different passwords, obviously. Fingerprint disabled. And I've customized the color scheme of the menus for each one of them, so I can easily tell which profile I'm on.
-
While inside the Decoy Profile, you cannot see the installed apps from the other two profiles, but you can see that there are indeed two additional profiles on the device. I've taken extra steps to obscure this information by changing the profile picture on all three profiles to a solid dark color that blends with the UI, and removed the profile names by using an invisible character, making them appear identical (I know it's not 100% foolproof but it's the best we can do).
-
All profiles have a pure black wallpaper, and the home screen has no icons, folders or widgets (except on the Decoy Profile). To access an app, I simply scroll up and open it from the default drawer, which displays all installed apps on that profile. This approach saves battery life and adds a slight bit of privacy.
-
Each profile has its own VPN running continuously, using different IP addresses, with killswitch turned on. All my free and open-source apps are installed via Obtainium (aka downloads straight from the source). The closed-source 'normie' apps used in the Decoy Profile are from the Aurora Store (aka downloads from Play Store without needing an account).
-
Every app installed has most of its permissions stripped away, leaving only the absolute minimum required. Storage and contact scopes are always used.
-
Microphone, camera, NFC, Bluetooth and location services are always turned off, unless absolutely needed for a brief moment.
-
Finally, I have disabled auto-updates on all apps and the operating system itself (by disabling the 'System Updater' app). I want to be in control of my device; I choose when to update. I can't risk CrowdStrike-like updates, so I wait a few days before updating.
SIGGY