I have to have WhatsApp installed on one of my phones for work purposes. It’s not possible to ask my work to give me a phone (I’m on zero-hours contract). I do have two phones - one DeGoogled pixel running CalyxOS and one iPhone XS. The iPhone I use for banking apps and basically anything that ties directly to me. Apple Pay and so on. Then I use the DeGoogled phone for everything else - most communications done over Signal, taking photos etc. This is my daily driver.

My question is this - is there any way to make WhatsApp as private as possible? I’m fine knowing WhatsApp reads all my messages etc (not really fine per se, but what choice do I have) but what I really don’t want is telemetry. So which phone should I install it on? The private one to limit telemetry, or the regular phone to stop any telemetry from my private phone being read? Or is there some way I can remotely host an instance of WhatsApp or something?

  • count_duckula@discuss.tchncs.de
    link
    fedilink
    arrow-up
    17
    arrow-down
    1
    ·
    7 months ago

    I have a similar setup and decided to install it on my degoogled phone because I definitely wanted to use a VPN to connect to Whatsapp and my other phone is an older Android without the global VPN option.

    I have it completely isolated from my main account by using Shelter from F-droid, installing Aurora store in that sandbox and then installing Whatsapp from Aurora into the work profile created by Shelter.

    This way, my main contacts and media are not accessed by Whatsapp. It does its own separate thing and I have no other apps interacting with it.

      • Nebula@lemmy.mlOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        Update: WhatsApp just didn’t want to open whilst in a work environment set up by shelter. Don’t know why. It just hung for a few mins then crashed. Shame! But I think I’ll go with the other suggestion of a Matrix server

        • smeg@feddit.uk
          link
          fedilink
          English
          arrow-up
          2
          ·
          7 months ago

          I don’t know if it works the same way on calyx or stock Android, but GrapheneOS lets you have an entirely separate work profile. You could install WhatsApp (and any other work stuff) on that and have it as isolated as possible from your own stuff.

          • iturnedintoanewt@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            7 months ago

            The problem with this setup would be there constant profile switching and the constant screen unlocking. These profiles aren’t too easy to switch/coordinate, IMHO.

            • smeg@feddit.uk
              link
              fedilink
              English
              arrow-up
              3
              ·
              7 months ago

              Really? I’ve always switched very simply by pulling down to the quick settings menu and clicking the user button.

              • iturnedintoanewt@lemm.ee
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                7 months ago

                And then you have to choose the user and go through the login screen/PIN. I mean you can be done in 10-15 seconds each time, but it’s for something as frequently used as a chat app, it really breaks the workflow each time you need go switch apps/users, as compared to, say, hitting the navigation button to switch app twice.

                • smeg@feddit.uk
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  7 months ago

                  OK, well that’s the price you have to pay if you want to keep it isolated. I know I can’t be bothered to do it, but that’s what OP requested!

          • Nebula@lemmy.mlOP
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            Yeah that’s what I did but it just didn’t want to work. Never mind!

            • smeg@feddit.uk
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              Ah shame. Maybe it needs Play Services (or something to spoof them like MicroG) in the work profile?

        • Atemu@lemmy.ml
          link
          fedilink
          arrow-up
          5
          ·
          7 months ago

          I again fail to see how that helps you in any way when they’ve got a part of your social graph and active times and other much more critical metadata.

    • ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      It is not trivial to set up, and you still need a phone running whatsapp to re-authenticate it every couple weeks.

      • slacktoid@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        7 months ago

        Run whatsapp on an android vm using quickemu or something and have a vpn for when you need to do that.

        ps. Not denying its not trivial but if youre a stubborn spiteful fool (like me) using that spiteful energy for something this isnt a bad place.

  • Im_old@lemmy.world
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    if you need only the chat (i.e. not calls) you could self host an instance of matrix with the whatsapp bridge. In this way you won’t need the whatsapp client on your phone (other than for signing up and connecting the bridge once) and use it througth the matrix client (e.g. element).

    • Scott@lem.free.as
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      7 months ago

      I do this. However, you need to connect using the WhatsApp client every 12 days just to keep it “alive” otherwise WhatsApp servers sign the bridge out.

    • OSH@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      other than for signing up and connecting the bridge once

      According to the docs, you still need the whatsapp client on a physical or virtual device to call back home every 2 weeks or so, which is really annoying.

      I also tried the route of using a disposable number for the activation code without any success.

  • BearOfaTime@lemm.ee
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    What’s “zero hours contract”?

    There are concerns with a company requiring any tool but not providing hardware to use it. That’s bad practice from a corporate perspective, and opens them up to litigation connected to whatever is on that device. This is CTO/CIO Risk Management 101, and why companies provide devices that are heavily restricted.

    • Nebula@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      6
      ·
      7 months ago

      Its a thing in the UK - basically you don’t sign a contract for regular work, but instead are given work ad hoc. My point being there’re not as many rights given to these types of workers, and they especially aren’t going to buy me a phone - never mind give me paid holiday leave or a pension plan.

      Yes youre right its bad practice. But the company I work for really doesn’t care about that. I’m only there temporarily anyways.

    • Nebula@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      Very good! I’ve been putting off creating a pi-hole, but it looks like the time has come.

  • ikidd@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    GrapheneOS let’s you run Whatsapp in a Work profile that’s sandboxed away from your real data. You might have to install something like Insular from Fdroid to manage it.