Warning: long!
I’m working on my privacy and security setup and everything is going well so far, but I have some questions which I could not find reasonable answers for. My knowledge about tech in general is basic, so maybe the concerns are stupid or already explained somewhere but not understandable to me yet.
I have a phone with GrapheneOS. I keep apps to a strict minimum. All are FOSS and somewhat popular, with 1 or 2 being less so. I have experimented with compartmentalization using profiles; however, I chose to keep everything in one user because it was getting annoying. I would like to keep things that way, if possible.
I need to store sensitive personal information in a notes app, which cannot be associated with the rest of the content on my phone, such as an email account with PII and other apps that identify me. These notes need to be as secure as possible, because I do not want my journal entries and other stuff being found or broken into. However, I would like to keep this app installed in the same profile I use for everything else. Moving things from one profile to another just to put them in the app is something I would like to avoid, as I need to copy and paste a lot.
Questions:
- I worry about another app being somehow able to access the data inside the notes app, or some possible future vulnerability affecting this process of data storage. I know sandboxing exists, but can it really be trusted? Do you trust it? Do you think another profile is undoubtedly needed for this level of threat, or am I exaggerating?
I have done quite a bit of research on FOSS note-taking apps. However, most of them do not support features I need, such as folder and subfolder organization, image and file attachments, and to-do lists inside a note. I do not want to create an account, so Notesnook is out (correct me if I’m wrong). Standard Notes is too simple. Feature-wise, Joplin seems to be the best, and I would not sync notes online. Though, from what I read, it looks like the local database cannot be encrypted, as encryption only works when syncing.
- Is local database encryption a must, considering my concerns? I do not care about having to enter a long password every time I open the app, if it makes attacks like those almost impossible. But Joplin does not support that feature, nor do many others like Quillpad and Notally (or at least I think so). Does app data stay in a highly secure place, even if not encrypted? Ideally I would use something like a VeraCrypt container, but that is not available for Android and I cannot afford a Cryptomator license (…does anyone know about a giveaway for the F-Droid version? It is so important…)
I think Safe Notes looks the safest and has local encryption, which is great for me, but unfortunately does not support the aforementioned features.
- Do you have any app recommendation for my specific use case? Have you gone through a similar issue and if so, what have you done? Which app do you use?
Also, there has to be an option to export them in order to maintain local backups. Real pen and paper is not an option for now.
Uhh… this is unnecessarily huge. I’m so sorry, but I can’t help myself. Thanks for any advice, and you do not have to answer all questions.