What I am faced with is that for a work phone, believe it or not, a cybersecurity team wants me to join a group chat in WhatsApp.
I am expecting the arrival of a Fairphone 4 with /e/ OS on it and I am expected to use whatsapp on it.
So, this brings me to some questions I have:
With previous posts, there have been mention of FOSS apps that restrict launching and network access, and access to the battery. These are all viable security solutions for restricting apps completely, when they must be installed for some reason. But of course WhatsApp must communicate via a network.
Is there a FOSS alternative to Whatsapp, that works with WhatApp users and groups?
Is there a way to sandbox apps?
Can we see which user data these apps access, specifically beyond the stock Android features? If so how?
The stock WhatsAppp leaves a lot to be desired in terms of permissions and behaviors. It would be nice to make sure it does not download any files automatically of any kind and that text only is allowed…
Any chance that you can convince them to switch to Telegram, Signal or a Matrix client like Element?
Android/AOSP’s ART has some built-in sandboxing (but Android also has a lot more malware than Linux, so pick your poison). You can always access Whatsapp through a web browser at https://web.whatsapp.com, and web browsers are generally designed to isolate web content from your system.
Element one is the hosted managed matrix server and bridge service. You don’t run that at all (I mean, it’s open source, so you could run your own server if you wanted but that’s not what I’m suggesting here).
You connect to that using a Matrix client (an app for your phone in this case). There are many. Element is the one produced by the same company, it’s Electron based so should work on the L5 but probably not a great experience.
Fractal is the native GTK4 client for Gnome. It’s currently still in development so you need to build from source for arm but once it’s released it should be easy enough to install with flatpak or apt. (There was an older GTK3 version “stable” you can install from flatpak or apt but that does not support SSO sign on (which element one uses) and is being deprecated in favor of the rewrite).