Hey.

My phone is a Pixel 8A GrapheneOS phone. I want to make this phone a hardened phone. A safe phone. A privacy-friendly phone. Not a watched or tapped-into phone. Basically limit the spying and intercepting and get control of the spying mechanisms that may be at play.

The phone has sandboxed Google Play services.

(GrapheneOS) and 1 profile (Owner)

The phone has a KYC SIM card (currently no way out).

Thanks.

  • Drunk & Root · 1 upvote · 2 hours ago

    I have one profile for apps I need a lot, like browser, text, call, TOTP, passwords, etc., and I have another for social apps like Lemmy, Mastodon, Matrix, stuff like that.

  • utjebe@reddthat.com · 1 upvote · 3 days ago

    My setup on GOS

    • main profile

      • no play services
      • this is what I use most of the time
      • Apps installed via F-droid or Obtainium
    • secondary profile

      • using play services and store to install apps (I prefer bank apps to be installed from a trusted source, which Aurora store isn’t IMO)
      • disabled background running on this profile

    Additionally, avoid apps as much as possible; use the web version when available.

    If I need or must have an app I switch to secondary profile, do the business there and end the session.

  • Rhonda Sandtits@lemmy.sdf.org · 12 upvotes · 6 days ago

    Activate the private space and move sandboxed google play and any non-foss apps there. You can use separate user profiles to do this, but in practical use, the private space works much more smoothly. The “private space” is a fairly recent addition to GrapheneOS which is why most advice recommends to use multiple user profiles, but take it from me, the private space is much easier to use.

    Only use free, open-source apps in the main profile. Installing F-droid to handle your apps works well here.

    Alternatively, you can install Obtainium to manage your apps. Obtainium can install apps from F-droid, or if you are adventurous you can use Obtainium to install and update apps from their GitHub repos - but this can be a lot of effort.

    For GPS navigation, install OsmAnd, familiarize yourself with it and learn how to get it set up to your liking. OsmAnd can be tough at first, so get used to its limitations. You MUST get in the habit of planning your route before you leave to minimize any problems or surprises.

    Go to Signal’s website and find the app download link there, determine the download URL of the .apk file and paste that address into Obtainium as a source address so Obtainium can handle the installation and updates of Signal… Even though it is open source, Signal isn’t on the F-droid repo, so the only clean way of getting it is from their website. It can be installed from the Play Store, but if you do that, it is possible for the feds to force Google to push a compromised update to your phone in particular.

    Remove the SIM card and leave it locked away in a drawer at home. There are plenty of places around town where free WiFi is available and very few people are too important to wait for you to return their message. Use a VPN (Mullvad) with other people’s WiFi, though. In the Mullvad app’s split tunnelling settings, select show system apps, scroll down to “Captive Portal Login” and exclude it from the VPN connection - without doing this you won’t be able to hit the “I agree to the terms of use” prompt free WiFi connections present to users before allowing internet to connect.

    Find a cheap VoIP/SIP provider. Install Linphone as your SIP client so you can make phone calls while out-and-about on free WiFi if the need ever presents itself.

  • catloaf@lemm.ee · 4 upvotes · 6 days ago

    You’ve already got GrapheneOS, so the next step would be not using Google Play or other Google/Facebook/etc. apps and services.

  • /home/pineapplelover@lemm.ee · 3 upvotes · 6 days ago

    I have the exact same setup as you lol

    You can also use the Aurora Store and not use apps from the Play Store.

    I also have a separate SIM in here from Redpocket. You could buy the $30 annual plan on eBay with a Visa gift card or something to make it slightly harder to trace you down. And ofc you can use Signal and no log kyc VPN to do your activities.

    • Thorned_Rose · 2 upvotes · 6 days ago

      And Obtainium for open source apps. I use Aurora only for apps I can’t get via Obtainium.

    • Ksk3829@lemmy.today (OP) · 2 upvotes · 6 days ago

      Can’t use Redpocket. I’m in the UK. All require KYC since it is in Europe. What should I do?

      • /home/pineapplelover@lemm.ee · 3 upvotes · 6 days ago

        If you use Signal, they don’t collect your information at all. I believe it’s only your phone number, registration date, and last time you pinged their servers. They don’t get any messages you send.

        As for mail, I think this one’s a tricky bastard, but if you use a VPN, something like ProtonMail won’t receive anything on their end, maybe some metadata from when you sent the email though, and assuming the other person is also using ProtonMail or PGP encryption.

        I personally also have a threat model outlined and have 2 phones. One cheap flip phone with my Redpocket SIM which I use for government and banking stuff. My T-Mobile phone is for anything else, like friends and social stuff. Maybe you could have the same thing set up.