What and Why

This guide explains how to make a burner phone setup specifically for the threat model of protests. There are many reasons to use one, such as:

  • protecting your main phone from being damaged or confiscated
  • keeping your main phone setup convenient instead of having to lock it down
  • not having to worry about apps on your main phone doxxing you

Hardware and OS

  1. Get any unlocked Android phone. This tutorial uses Android because it can be set up without a Google account and will work with all the apps I will mention. However, if you want to try alternative mobile operating systems, there’s a list of them here
  2. Get a prepaid SIM card while you still can. I was warned at the store that they will soon require in-store activation, which will deanonymize you
  3. Factory reset the phone and set it up without a Google account and without biometrics
  4. Add a PIN to the SIM card so that if it is stolen it cannot be used to access your texts

Micah Lee has written a more in-depth guide on setting up the phone that I recommend with some caveats:

  • In Micah’s guide he creates a burner Google account to use the Play Store, but that’s not necessary if you use Aurora Store
  • In Micah’s guide he uses Google Photos backup to ensure any photos he takes are backed up even if the phone is destroyed. A more private way to do this is with Syncthing

Apps

App Stores

  • Disable the Google Play Store because it requires a Google account to download anything
  • Get F-Droid here
  • From F-Droid, download Aurora Store, which lets you download Google Play apps anonymously
  • In the F-Droid settings, enable the Guardian Project repository which has apps like Tor Browser and Orbot

VPNs

  • Riseup VPN is free and doesn’t require an account
  • Orbot uses Tor, but it can also be used as a VPN
  • You can enable always-on VPN in settings and block unprotected connections
  • Warning: if you use an app like Shelter which uses Android’s work profile feature to hide apps, the apps in the work profile will not be routed through the VPN

Local file access

  • Material Files, a file browser; download this and delete Google’s Files app
  • Librera FD, a PDF reader, to read PDFs you should download ahead of time just in case, such as the Riot Medicine Field Guide
  • Logseq, a notes app
  • Aves Libre, a photo gallery app; delete Google Photos and use this instead

Misc

  • Simple Keyboard, replaces the Google keyboard
  • Libre Camera, a camera app; download this and delete the pre-installed camera app in case it adds location data to pictures
  • AuthPass, a password manager, in case you have to create accounts not linked to your main password manager (you are using one, right?)
  • KPassNotes, stores notes encrypted in the same KeePass format
  • OsmAnd~, a client for OpenStreetMap that lets you download maps offline ahead of time
  • Fossify SMS, replaces the default Messages app
  • Survival Manual, useful to have
  • OpenKeychain, for PGP keys. If you create a keypair and store only the public key on your phone, then encrypted files cannot be decrypted without the private key
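
To check whether a camera app really is adding location data to pictures, as the Libre Camera item above worries about, you can inspect the JPEG's Exif block for GPS entries. This is an added example, not code from the original post or from any of the apps listed; the function names are hypothetical and the sample image bytes are constructed for the demonstration.

```python
import struct

GPS_IFD_POINTER = 0x8825  # IFD0 tag whose value is the offset of the GPS directory
GPS_LATITUDE, GPS_LONGITUDE = 0x0002, 0x0004

def ifd_entries(tiff, offset, endian):
    """Return {tag: 4-byte value field} for the TIFF directory at offset."""
    entries = {}
    count = struct.unpack_from(endian + "H", tiff, offset)[0] if offset + 2 <= len(tiff) else 0
    for pos in range(offset + 2, offset + 2 + 12 * count, 12):
        if pos + 12 > len(tiff):
            break  # truncated directory: stop instead of raising
        entries[struct.unpack_from(endian + "H", tiff, pos)[0]] = tiff[pos + 8:pos + 12]
    return entries

def exif_tiff_block(jpeg):
    """Walk the JPEG segments; return the TIFF payload of the Exif APP1 segment."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return body[6:]
        pos += 2 + length
    return None  # reached image data (0xDA) or end of file without Exif

def has_gps_coordinates(jpeg):
    """True if the Exif GPS directory holds a latitude or longitude entry."""
    tiff = exif_tiff_block(jpeg)
    if not tiff or len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    endian = "<" if tiff[:2] == b"II" else ">"
    (ifd0,) = struct.unpack_from(endian + "I", tiff, 4)
    pointer = ifd_entries(tiff, ifd0, endian).get(GPS_IFD_POINTER)
    if pointer is None:
        return False
    gps = ifd_entries(tiff, struct.unpack(endian + "I", pointer)[0], endian)
    return GPS_LATITUDE in gps or GPS_LONGITUDE in gps

def build_sample(with_gps):
    """Constructed sample: SOI + Exif APP1 (little-endian TIFF) + EOI, no pixels."""
    ifds = struct.pack("<HHHII", 1, 0x0112, 3, 1, 1) + b"\0" * 4  # Orientation only
    if with_gps:  # IFD0 at 8 points to the GPS IFD at 26; its rationals sit at 44
        ifds = struct.pack("<HHHII", 1, GPS_IFD_POINTER, 4, 1, 26) + b"\0" * 4
        ifds += struct.pack("<HHHII", 1, GPS_LATITUDE, 5, 3, 44) + b"\0" * 28
    body = b"Exif\0\0II" + struct.pack("<HI", 42, 8) + ifds
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Take a test photo with the camera app, copy it off the phone, and pass the file's bytes to has_gps_coordinates. It only inspects the Exif GPS directory, so location written into XMP metadata or a sidecar file is not covered.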
