The 8232 Project

I do not know, sorry. Someone who does know is free to answer this, otherwise you could try researching using some of the sources listed in my previous post, or contact some knowledgeable people such as the GrapheneOS team, Mozilla, etc.

Some good, open source TOTP apps to use are Aegis and Ente Auth.

Chrome sounds more secure

Chromium is not the same as Chrome. I highly suggest reading the previous posts.

yet I don’t want an advertising company looking at my browsing habbits

There are more privacy respecting options such as ungoogled-chromium and Brave (which can be configured to minimize data collection and bloat).

In the end, the choice is yours.

Either option works.

I know, but since we’re referring to permissions here, I wanted to refer to each of them by the permission names.

If anything, I love GrapheneOS for its “Network” permission toggle. It’s nice knowing that my keyboard (or any other unnecessary apps) can’t phone home.

First off, if you’re concerned about phone privacy, consider a custom OS for your phone that respects privacy such as GrapheneOS.

It’s easy to figure out that your device isn’t listening to a constant audio stream 24/7, since that would drain battery and send a lot of noticeable data over the network. However, it is entirely possible to listen for certain keywords as you mentioned, and send them encrypted with another seemingly legitimate packet. There’s no way to be 100% certain, but it is possible in theory without draining too much battery.

The steps you took are good, making sure that apps don’t have any permissions they don’t need. Privacy is a spectrum, so it’s not “all or nothing”. As I mentioned before, if you’re seriously concerned about mobile privacy and want a solution, you can get a custom operating system that can remove any privacy invasive elements. GrapheneOS also allows you to disable the camera and microphone system-wide (although this functionality is present on some other Android builds).

If it eases you any, a lot of these advertisements happen to be coincidence and trigger confirmation bias. It could be that those ads happened to show up by coincidence, or that advertisers managed predicted your interests, or that you got tracked by some other means while downloading the movie. The possibilities are nearly endless.

This depends on what you’re trying to defend against. In my opinion (on GrapheneOS):

• “Accessibility” permission (i.e. full control of the device)
• “Network” permission
• “Modify system settings” permission
• “Install unknown apps” permission
• Any permission that allows apps to communicate with one another (such as a reduced sandbox, file permission, or app communication scopes)

Those are the only permissions that I can think of off the top of my head that could potentially allow an app to phone home. Turning off Wi-Fi for the device does little if the app also has the “Wi-Fi control” permission.

Having worked in penetration testing before, one tool I used to query SQL databases represented unknown characters as an underscore (_) before the character gets brute forced.

Bonus story: I used to set the hostname for my phone as a transparent character, so it wouldn’t visibly show up if someone ever did a network scan. I accidentally fooled myself with this while doing a network scan, and got frustrated why the “mystery device” wouldn’t load a hostname.

A password with 300 bits of entropy would take 1.288×10^(-138) seconds to crack with the Planck Cruncher :)