[jeswin]

The best way to debloat and prevent phones from calling home servers in China is simply by running LineageOS; don't even bother with anything else. I use Lineage on multiple devices (OnePlus, Poco F1), and it's at least as good as plain Android on a Pixel.

Warning: Poco F3 is different from the Poco F3 GT available in some regions - GT uses Mediatek Dimensity 1200 instead of Snapdragon 870. Mediatek SoCs don't work well with LineageOS.

[dave_sullivan]

I ended up on Havoc but I agree the experience is much better than stock.

2 things that make me much less excited about how much control I have:

There is still a xiaomi boot rom running under Havoc or Lineage, I can only assume xiaomi can put anything they want in that, so my phone isn't more secure, it's just less bloated.

Also, once you unlock you can now get access to the phone with a computer, bypassing the password. It becomes physically less secure. I believe there are some full storage encryption options but they seemed very finicky.

Please correct me if I'm wrong with any of the terminology, I last messed with this months ago. Sad that these are our options (walled garden and/or wiretap ourselves).

[sudosysgen]

If you're not using full disk encryption, you're going to be vulnerable to physical attacks no matter what. It does mean the attacker will need 30 more minutes with your phone though.

Just set up encryption. Once it works, it works, so it's worth it.

[zingplex]

Does Android even have a full disk encryption option anymore? Last I heard they moved to file based encryption. I don't know enough to knowledgeably discuss the tradeoffs though.

[sudosysgen]

You're right, from Android 10 onwards it's file based encryption. Still, it can be set up with ROMs and work. The most difficult part is getting the bootloader and recovery to grok the encryption