In this article, we’ll go over our 7 favorite open source phone apps for Android. Most of them work on both degoogled and regular spyware phones and can be found in the F-Droid store. We’re skipping Signal, Session, and Briar, since we assume you already use them and we’ve covered them elsewhere. You would get a lot out of subscribing for free to our new content by email, by Session messenger, RSS feed, or Nostr.
The 7 are:
1. ClassyShark3xodus
2. andOTP
3. AntennaPod
4. Duress
5. Fake Traveler
6. Scrambled Exif
7.Cheogram
1. ClassyShark3xodus
ClassyShark3xodus is used to detect if another app you have downloaded have spyware or trackers. ClassyShark3xodus scans the app’s code and sees if there are DNS requests or backdoors in it.
When you open ClassyShark3xodus, it will have a list of the other apps on your phone. Just tap on a given app, and ClassyShark3xodus will scan it and tell you its opinion of how many trackers it has. Most open source apps from F-Droid will have 0.
2. andOTP
We mentioned andOTP in our earlier article on 2FA. We recommend doing TOTP 2FA on your computer, but if you insist on using a mobile device, then andOTP is the best for this.
andOTP has a password prompt when you open it, and it allows you to view your secret backup phrase key to transport to a different app or device. The only benefit of using mobile over PC for TOTP 2FA is you can scan the QR code if that’s the only method a registration website gives you.
3. AntennaPod
AntennaPod is an open source podcast app that serves as a front-end for iTunes podcasts and other databases. So if you’d like to search Apple’s library without actually registering or anything, then AntennaPod is good.
AntennaPod lets you download and stream podcasts, and you can clearly see the new ones. Subscriptions are stored locally on your device and not in the Cloud.
The only negative of AntennaPod is that a lot of podcasts will block the use of Tor. If you are using Tor’s Orbot and do a search for a particular podcast, it won’t show you any search results, but you might not realize the reason is because of Tor.
4. Duress
Duress lets you wipe your device when you enter a particular passphrase. Now, we aren’t recommending anyone break any laws and we discourage criminal activity. However, some governments in some countries around the world may act illegally or against their own constitution to search devices they are not permitted to. Therefore, to honor and respect these human rights laws, as well as to protect potential whistleblowers globally, we will discuss Duress.
Duress lets you pick a second password that, when entered into the phone’s unlock prompt, actually wipes the device clean of all of its data. Please be extremely careful not to use this accidentally and make sure you have backups of any important data you need to save.
If you need to save a backup, we recommend Veracrypt for computers.
5. Fake Traveler
Some apps require GPS location, even when you don’t want to reveal it. Fake Traveler allows you to spoof your location to a place of your choosing to fool apps into thinking you’re there.
Some apps, such as mobile banking apps, will be able to tell you’re using a location spoofer. While they most likely will not be able to see your real location, they may potentially deny you service until you turn off the spoofer.
Please be advised that some apps, such as large, well-funded corporations’ mobile banking apps, will be able to tell you’re using a location spoofer. While they most likely can not see your real location, they may potentially deny you service until you turn it off.
Legal Disclaimer: We discourage bank fraud and clearly stated that this would NOT work for banks. We provide this as educational material to enable you to be in better compliance.
6. Scrambled Exif
Smartphones have a dumb feature that automatically tags a picture with its GPS location in its metadata. This metadata is known as “Exif.” So when you share a picture with someone, depending on the platform, either the receiver or the platform itself can see your physical location.
Because this is such a dangerous security risk, many social media platforms, such as Facebook and Instagram, remove this information automatically before it’s publicly broadcast. However, you’ve now revealed the information to the social media platform.
If you put the images directly on your own website or a less secure platform, then it may be “leaking” the GPS location to the general public, which is a huge security risk.
Scrambled Exif allows you to remove the metadata right on your phone before you send it. This convenient and easy-to-use app can protect your privacy and security.
7. Cheogram
Cheogram is an open source XMPP client for Android –a client means software that interfaces with the standard server protocol. Cheogram was created by the JMB.chat team to be used with their service, but Cheogram can do any XMPP chat. We covered JMB.chat in our previous article on how to get anonymous phone numbers found here.
Cheogram has a great user interface, and it’s reliable and easy to use. Cheogram lets you add or disconnect multiple different accounts all within the same chat feed. So if you wanted to disconnect each account and come from a different Tor or VPN IP address, you can easily do this through Cheogram. On the other hand, if you have your own XMPP server or don’t care about them all using the same IP address, then you can have all your accounts online in the same feed at once.
Overall though there’s not that much about Cheogram that can’t be found in other open source XMPP clients, but we still like the user experience and recommend it.
Conclusion
Always use open source alternatives if one exists, but all of these apps are a waste if you don’t have a degoogled phone, which we covered here. You can learn about the best new open source software by subscribing for free to our new content by email, by Session messenger, RSS feed, or Nostr.