
Came here to post this. The guide has nothing to do with actual hardening. Recommending those apps is borderline idiot's assumption of what security is.

I'd rather recommend checking the postmarketOS wiki for supported devices, checking what the latest upstream AOSP builds (like OmniROM builds) and upstream supported kernel versions are, and recommending to buy based on that information.

Turned out in my case that there aren't many "real" AOSP compatible devices.

The ones I tried out and confirmed were Nexus 4/5P (not 5X!), Sony Xperia X and compact variant aka kugo, Xiaomi Redmi Note 4 and 8/8T (mido and willow or ginkgo) and some older, very very outdated devices.

Owned a kugo for a while but Android 10 builds became super unstable and caused a lot of crashes and reboots.

Went for Xiaomi Redmi Note 8 (ginkgo) and ignoring the shitty needing-Windows-and-168h to unlock bootloader problem it's a very nice device.

Compiled LineageOS from sources, and together with the official releases for Magisk, Blokada, Appwarden, Oeffi, OsmAnd+ and Orbot/Tor Browser with ublock0 and umatrix it's pretty much as tracker free as possible.

I also would never recommend any Android lower than 10, due to the privacyguard integration that is missing in older versions (privacyguard aka app rights management for location, wifi access, storage access etc).

Sidenote here: Tor Browser includes Mozilla telemetry service, but you can disable that with Appwarden. Reported it upstream, didn't have the time to fix it yet.

The only tracker regarding Exodus' list is actually the crashdump reporting feature in Telegram which I disabled with Appwarden.

I also would recommend using F-Droid or the GitHub releases of apps you want to install. A lot of builds on F-Droid are outdated for years, so it's better to check the source directly to be sure.

Additionally, never install GApps, never install Firefox for Android, never install Chrome, never install WhatsApp or any FB product, never install apps that require AdMob or Play Services.

Check spywarewatchdog's blog or do mitmproxy audits yourself.

[1] https://omnirom.org

[2] https://wiki.postmarketos.org

[3] https://f-droid.org/packages

[4] https://reports.exodus-privacy.eu.org

[...] probably forgot a hundred links...but textareas on smartphones are unusable.



>The ones I tried out and confirmed were Nexus 4/5P (not 5X!)

Why not the 5X? I have flashed AOSP ROMs on my old 5X lots of times.


My knowledge is a bit outdated when it comes to the bullhead (and/or angler because they shared parts) kernel mods, but last time I checked huge parts of the firmware were relying on a legacy kernel version 3.x which is literally a decade old by now... And additionally wifi/bt/baseband had a huge amount of proprietary blobs.

Please correct me if I'm wrong but it seems as if this is also the case today.



