Motivation

So this is probably a strange request but I really want to do this. For some reason, when I restored the WhatsApp chats most of the photos there got to the private directory where it doesn't show on my android gallery. I don't know what happened but there is no official solution to get the photos back. So I thought why not do it myself.

What I already did

I rooted m phone (temporarily) to get access to the msgstore.db file so that I can change the paths of the media. I can do that easily with a sqlite query.

What I couldn't do

When I try to modify the actual database, it says that I cannot do it since the file got corrupted. I think there might be a checksum or something somewhere but I can't seem to find any information about it. Does anyone know how I can do this without tripping the integrity checker?

I know that GrapheneOS has a lot of security features that make it basically impossible to compromise your phone. And that it has a lot of control over permissions and has some privacy features. But it also has a Google Services compatibility that would allow you to use Google services, which would allow Google to harvest a lot of data from you; much less data, but still some. Now OSes like CalyxOS or Lineage have microG which in addition to giving you the APIs, it uses less battery and has the ability to use Mozilla network location to stop google from getting that data. CalyxOS and Lineage don't have the crazy hardening modifications that GrapheneOS has, but Android is already crazy secure compared to something like Windows or Linux without a properly configured SELinux or AppArmor. Why have Graphene over Calyx?

I've rooted my device to get an acceptable blue light filter on my phone (1500K), I really don't like the idea of having to root just for that and play the cat and mouse game to hide the root. Any other way to do it? I've looked everywhere and nothing is close to what I want. The default night light in the settings barely goes below something like 2500K and the LiveDisplay feature in lineageOS and Calyx mess up the colors and there is a lot of blue that is not filtered at all. Anything you guys found?

I'm kind of tired of Google sending me to the same 3 sites whenever I search for something. If not the same 3 sites it's 7 others that are so generic and boring I just feel they're useless. It's always makeuseof, androidauthority, or whatever other sites that have useful information but I rarely feel like they are saying anything new.

I want to see the results from those small blogs that are sometimes linked here. I can't come up with one since... you know that's why I'm asking how to find them, but you know them; they talk about nerdy stuff and are not afraid to get technical in whatever topic they discuss.

Also duckduckgo and qwant do the same thing. If there is a way to curate the results to better fit my needs then that'd be great too!

I love the idea of having privacy in independence from all the tech giants' services. I have a server at home that hosts my storage, media, synchronization, and backups, along with some other random services. Since all these services are basically my life, I sometimes read about better security practices to replace whatever I do. Although sometimes, I feel like I can't figure out what practices are actually bad and really put me in a bad spot, and if they are good enough for me.

For example, I use a Keepass database to store my passwords. I want to sync them across all of my devices immediately. So I saved it in my VPS, and made the android client fetch it every time I sync. I also made a script that uploads the local database every time it is changed. However, I don't want it to override remote changes that I may have not saved on my local machine. To solve that, I made the script download the remote database and compare it to the local one before uploading. To compare, I made the script read from a PGP encrypted file that has the password to my database, and input that to keepass-diff. However, I read that using PGP is bad from this article. I can't say I completely understand what the author is saying, but I trust that they know their stuff. However, I feel like this is a bit nitpicky. Would using GPG make me exposed to massive risk as opposed to using any other service? I guess it's not that hard to move over to something like ccrypt or whatever, but why bother? Besides, I can tell GPG to keep my key in the session for a long time so that I don't have to input it every time. I don't know if ccrypt can do that.

Another example is using F-Droid. I came across this article and this one went way over my head since I'm not really well versed on android. But the gist I got is that F-Droid is not only insecure but is also bad for getting timely updates. I checked and some apps are something like 7 patches behind which is unacceptable for me.

One last example and this one is kinda petty no lie. The fact that RSA is trash. I read here and there that RSA is an old and deprecated encryption algorithm that no one should use this is another article that (surprise surprise) also went over my head. But what I could understand is that it is too easy to make mistakes using RSA and it should be in the history books. But I already made many SSH keys without choosing the encryption algorithm, so it's gonna be a bit inconvenient to change all of those.

So my question to yall is that, how do I find the line between using an acceptable albeit non optimal practice, and using an unacceptable practice for security?

Of course, I also have to put in mind the convenience, so I can't just change up my practices every 8 seconds when I find out that whatever program I'm using is a ticking time bomb.