I have to have WhatsApp installed on one of my phones for work purposes. It’s not possible to ask my work to give me a phone (I’m on zero-hours contract). I do have two phones - one DeGoogled pixel running CalyxOS and one iPhone XS. The iPhone I use for banking apps and basically anything that ties directly to me. Apple Pay and so on. Then I use the DeGoogled phone for everything else - most communications done over Signal, taking photos etc. This is my daily driver.
My question is this - is there any way to make WhatsApp as private as possible? I’m fine knowing WhatsApp reads all my messages etc (not really fine per se, but what choice do I have) but what I really don’t want is telemetry. So which phone should I install it on? The private one to limit telemetry, or the regular phone to stop any telemetry from my private phone being read? Or is there some way I can remotely host an instance of WhatsApp or something?
I have a similar setup and decided to install it on my degoogled phone because I definitely wanted to use a VPN to connect to Whatsapp and my other phone is an older Android without the global VPN option.
I have it completely isolated from my main account by using Shelter from F-droid, installing Aurora store in that sandbox and then installing Whatsapp from Aurora into the work profile created by Shelter.
This way, my main contacts and media are not accessed by Whatsapp. It does its own separate thing and I have no other apps interacting with it.
Yes that’s a great idea! I will do that, thank you.
Update: WhatsApp just didn’t want to open whilst in a work environment set up by shelter. Don’t know why. It just hung for a few mins then crashed. Shame! But I think I’ll go with the other suggestion of a Matrix server
I don’t know if it works the same way on calyx or stock Android, but GrapheneOS lets you have an entirely separate work profile. You could install WhatsApp (and any other work stuff) on that and have it as isolated as possible from your own stuff.
The problem with this setup would be there constant profile switching and the constant screen unlocking. These profiles aren’t too easy to switch/coordinate, IMHO.
Really? I’ve always switched very simply by pulling down to the quick settings menu and clicking the user button.
And then you have to choose the user and go through the login screen/PIN. I mean you can be done in 10-15 seconds each time, but it’s for something as frequently used as a chat app, it really breaks the workflow each time you need go switch apps/users, as compared to, say, hitting the navigation button to switch app twice.
OK, well that’s the price you have to pay if you want to keep it isolated. I know I can’t be bothered to do it, but that’s what OP requested!
Yeah that’s what I did but it just didn’t want to work. Never mind!
Ah shame. Maybe it needs Play Services (or something to spoof them like MicroG) in the work profile?
I fail to see any benefit in a VPN proxy for WhatsApp.
Meta scum don’t get my IP? Its better than nothing
I again fail to see how that helps you in any way when they’ve got a part of your social graph and active times and other much more critical metadata.
You can setup a matrix server and use whatsapp via a bridge.
It is not trivial to set up, and you still need a phone running whatsapp to re-authenticate it every couple weeks.
Run whatsapp on an android vm using quickemu or something and have a vpn for when you need to do that.
ps. Not denying its not trivial but if youre a stubborn spiteful fool (like me) using that spiteful energy for something this isnt a bad place.
if you need only the chat (i.e. not calls) you could self host an instance of matrix with the whatsapp bridge. In this way you won’t need the whatsapp client on your phone (other than for signing up and connecting the bridge once) and use it througth the matrix client (e.g. element).
I do this. However, you need to connect using the WhatsApp client every 12 days just to keep it “alive” otherwise WhatsApp servers sign the bridge out.
This is perfect! Exactly what I’m looking for, thank you.
other than for signing up and connecting the bridge once
According to the docs, you still need the whatsapp client on a physical or virtual device to call back home every 2 weeks or so, which is really annoying.
I also tried the route of using a disposable number for the activation code without any success.
didn’t know that. Thank you for the useful info!
What’s “zero hours contract”?
There are concerns with a company requiring any tool but not providing hardware to use it. That’s bad practice from a corporate perspective, and opens them up to litigation connected to whatever is on that device. This is CTO/CIO Risk Management 101, and why companies provide devices that are heavily restricted.
Its a thing in the UK - basically you don’t sign a contract for regular work, but instead are given work ad hoc. My point being there’re not as many rights given to these types of workers, and they especially aren’t going to buy me a phone - never mind give me paid holiday leave or a pension plan.
Yes youre right its bad practice. But the company I work for really doesn’t care about that. I’m only there temporarily anyways.
If telemetry is only what bothers you, you should be able to block it. Pi-hole can block telemetry so you should be able to do this with some app too for example https://f-droid.org/en/packages/org.jak_linux.dns66 and https://nextdns.io
Very good! I’ve been putting off creating a pi-hole, but it looks like the time has come.
GrapheneOS let’s you run Whatsapp in a Work profile that’s sandboxed away from your real data. You might have to install something like Insular from Fdroid to manage it.