For very high security requirements, you should use as few apps as possible to provide a small attack surface. If instead you want to use the NitroPhone as an everyday smartphone with more apps we recommend:
Install the F-Droid App Store. This has exclusively open source apps that do without drastic tracking and without advertising. Here you will find thousands of apps from a wide variety of fields. If you are looking for an app, check F-Droid first.
If the apps in F-Droid are not enough for you, open F-Droid and install Aurora Store. In Aurora Store, you can install all apps from Google Play Store.
Many apps work without Google Play Services. However, if you want to use apps that require Google Play Services, you can install Google Play Services in a sandbox as follows.
Open Graphenes app repository client: Home screen -> Apps
Install the 3 core Google Play Apps (“Google Play store”, “Google Play Services”, “Google Services Framework”).
Disable batterie optimization for Google Play Services (for Push to work properly). From the home screen, select: Settings -> Apps -> Google Play services > Battery > Unrestricted
Open the Google Play Store once and press “Sign in” to start the initialization. You don’t have to finish the sign in and a real login is not necessary. This is solely to initialize the software.
To prevent some apps from accessing Google Play Services, install Google Play Services in a separate profile. To do this, create a new dedicated user profile and install the Google Play Services there. Using a work profile together with Shelter is also possible, but without as much isolation.
The Google Play Store cannot install and update apps due to the sandbox. Instead, always use F-Droid (for open source apps) or Aurora Store (for apps from Google Play Store) to install apps.
Earlier there was a list, but as the Play Service implementation progresses, most of the apps should work, although there are still some not working, a list will be available here.
There is a list for compatible banking apps, too. Click onto the “Report” link behind the regarding banking app to see in which environment it is supported.
Pixel 4a refers to the NitroPhone 1
Pixel 6 refers to the NitroPhone 2
Pixel 6 Pro refers to the NitroPhone 2 Pro
Browser: The pre-installed browser Vanadium is hardened and therefore recommended for high security. For better ad blocking, Bromite browser is recommended instead.
Email: K9-mail and OpenKeyChain (for OpenPGP encryption) or FairEmail.
VPN: Orbot uses the free TOR network. Mullvad VPN and IVPN are paid VPN services.
Backup: The integrated backup (Seedvault) and Nextcloud. Choose Settings -> System -> Backup.
Signal is secure and now widely used. It can also be downloaded without an app store.
Briar is a peer-to-peer messenger without any server at all, which can be used without internet with contacts nearby.
Contacts and calendar synchronization: DAVx5 supports CalDAV, CardDAV and WebCAL.
One-time password generator (2FA, OTP): Aegis Authenticator.
Regarding camera app, see here.
Permissions of Individual Apps#
To check or change the permissions on network access and sensors for a specific app:
Long press on the respective app icon -> app info -> permissions