[______-]

My smartphone is a simple affair. I have a hardened Firefox as my default browser (uBlock Origin with JS disabled by default with HTTPS-Everywhere addon with EASE turned on).

I keep my app-count to a minimum. There are people who need every app imaginable, but that increases the attack surface of the phone. Try to minimize the amount of apps on your phone please!

Then of course all the usual OPSEC practices like not clicking on suspicious links in Whatsapp, E-mail or SMS always apply. You have to consider the human element of all this. So many people have been owned by fat-fingering some suspicious link in an SMS that then took over their phone.

But there is always the argument that: phones ship with malware anyway so you're pwned either way.

[livre]

You can do a little more if you have root access, like use XPrivacyLua to restrict the amount of data and hardware apps like your browser have access to, and AdAway to block ads globally (protects you from app telemetry that shares data with third parties). You can also run a DoT server and point your phone there to protect your DNS queries from random WiFi networks you may have to connect to, or better run a VPN server and stay connected to it. Also whenever you can, always replace the OS that comes preinstalled with LineageOS (just makes sure everything works for your phone, like the camera and LTE). With the latest LineageOS you can also restrict internet access per app and per network type, though AFWall+ still gives better control over that. For the extremely suspicious apps you can install them on the work profile for extra isolation with Island (Play Store) or Insular (F-Droid).