Best Practices

The following advice is given to prevent compromise of the device.

Operate on a zero-trust model

Limit trust in all parties where feasible.

Treat all signals as hostile

Always limit incoming signals.
When connected to WiFi, it is advised to reduce incoming connections by enabling airplane mode.
Legacy protocols such as 2G/3G could lead to packet injection or other means of compromise
Limit the use of these Cellular protocols with the following setting alteration:
Settings > Network & Internet > Mobile Network > Preferred Network Type > Select LTE Only

Reduce the use of proprietary (closed-source) software

Black box or closed-source code places a substantial amount of trust in the software developer(s) / software issuer.
Android Open-Source Software (AOSS) is preferred. However, open-source does not guarantee privacy or security.
Validate application signatures with the developer when available.

Prioritize Communications Security (COMSEC)

Use end-to-end-encryption (e2ee) for your communication.
Opt for programs like Signal[.]org & Threema[.]ch.

Proactively audit permissions

Applications should be audited (ideally as they're installed).
Stringently assign permissions. Applications should rarely, if ever, be provided the Sensor permission.

Reduce running services

Close out applications when no longer in use.
Stop the NFC & printing service:
Settings > Connected Devices > Connection preferences

Don't become a target

Most phones are compromised through weak implementations of cryptography and centralization of services. We seek to limit and avoid anything that would create anomalous looking traffic/activity.

As blunt as we can be, if you are a target, you are compromised. Prevent yourself from being the anomaly that intelligence communities seek to detect.

Anonymity Retention

There is a high probability that this falls outside of your threat model.
If this is indeed a priority, it is advised to purchase the handsets with all transmitters and sensors removed.
The option of anonymity is ultimately yours; Anonymity going forward after receiving the device is entirely up to you.
All payment options are tailored for both vendor and user privacy.
The device will be anonymously procured, and your information will not be retained for more than the designated period highlighted on our Secure Flashing page. Be conscious of the cellular mechanism (if not desoldered), as this is the most de-anonymizing component of the device. If you seek total anonymity, do not allow the handset to transmit data around any of your devices, and it is advised to keep the device in a faraday bag, especially when moving closer to homebase.
While anonymity is extremely hard to retain, the proper discipline can achieve those ends.