What are your thoughts on GrapheneOS? It’s a custom version of Android that is far more secure and private than anything else out there. The only downside is that it only works on Google Pixel phones. For good reason though, as explained in their FAQ. TLDR, that comes down to hardware security features.
With many of us being activists and with state sponsored malware like Pegasus out there, we should probably step up our game to protect ourselves. Especially with Pegasus being Israeli malware, the current situation will probably incentivize even more attacks.
Other than iOS with lockdown mode enabled and perhaps DivestOS (which applies some of Graphene’s security features but not all of them), everything else is a complete security disaster according to the GrapheneOS devs. So are all desktop operating systems.
Depends on your threat model, and whether you prefer security or privacy. GrapheneOS doesn’t seem too bothered by Google, and is more interested in security aspects. Because of that, you can also install sandboxed Play Store, but from a “privacy” point of view the default permission sets provided to it are still enough to give away a substantial deal about yourself and device usage. That being said, I do use GrapheneOS currently, without Google Play installed, only using applications provided by F-Droid. But this isn’t for everyone. There’s other “friendlier” projects out there too, take a look at: https://e.foundation/e-os/. With all this in mind, owning a smart phone, period, regardless of how “secure,” it is, will not save you from a state actor that has enough investment and time to monitor you. If you truly are a target of interest, then nothing aside from hiding several hundred km underground, and even then, will probably save you from these kinds of threats.
Addendum edit: Security is a slippery word here. As long as firmware blobs and certain pieces of software are proprietary, you have no underlying way to audit how your phone functions. For all you know, the blobs shipped for the Pixel on GrapheneOS or Calyx have a backdoor from Google. Never “trust” your phone, and if you truly want to be a “challenge” to local agencies, your only option is to throw away your phone. At the very least, never bring your phone to protests. Never state your intentions or communicate with fellow activists, over that device, if you are worried about security/privacy implications. Always be amnesic, don’t leave a trace on any devices, (no, I don’t mean deleting files or conversations (you risk leaving forensic trails), I mean carrying around a live stick like tails that will go poof after a restart) don’t state your intentions online, if you are absolutely serious about avoiding state actors, or if you suspect they are after you. For the majority of protestors, I’d say capitalist states do not perceive us as a “threat” unless we truly engaged in something radical (let’s say you became the next RAF). Punishment is more of a public spectacle, and most authorities won’t bother to investigate your device for the most part given the legal implications and proceedings involved in doing such a thing. That aside it’s still a good idea to take some mitigations, but don’t go too far down the rabbit hole I’d say, because at some point you will take away your ability to operate or even spread the word in this capitalist hellhole, given that most people engage on social media or at the very least, own a phone themselves. Strength in numbers, being a part of mass organizations already makes it hard enough for authorities to care about “individual” threats.