Step one should be to install GrapheneOS (or if this isn't Android specific, at least mention it). Don't bother with any other ROM, it's the only one that actually takes security seriously .
No mention of alternative app stores that don't require a Google account e.g. F-Droid Aurora Store.
No mention of user profiles for isolating apps.
Browser hardening section is fine.. But I think mentioning Bromite would be a good idea. It's a chrome-based browser with privacy protections and ad-block built in .
0: https://grapheneos.org/features (list of security features).
My problem with GrapheneOS is that only Pixel devices are officially supported, which makes it a very tight use case in my point of view.
> "GrapheneOS also supports generic targets, but these aren't suitable for production usage and are only intended for development and testing use."
Yes that's fair enough, especially for your guide which again seems to be more general to all mobile phones (which is not a bad thing). Not sure if their website touches on it, but I can see a couple reasons they've gone for Pixel devices only:
- Guaranteed support by google for some time
- Official AOSP source (straight for Google)
- Titan security chips
iPhones for example have had massive security issues in iMessage and still prevents other (more secure) apps to receive SMS. Why?
iPhones could all be targeted with zero click attacks of Pegasus because they have a consistent OS throughout all devices.
Are iPhones bad because of this? - No! But iOS vs Android must not be a religion (same for Windows vs Unix)