My goal is to make one of my android phones as secure as possible, hence the question: What is the most secure way for an Android phone to gain internet access? Options I (think I) have:
- The phone has it's own physical sim card. Threat I see: The sim card could be manipulated by an attacker with physical access to my phone or replaced. Inserting the sim card and then locking the sim card slot (with glue) isn't an option because I may need a different sim card from time to time if I go this route.
- The phone uses an esim card. Treat: I can't judge this because I don't know much about esim cards.
- The phone connects to a wifi hotspot of another less secure android phone of mine. Benefit: No physical treat because the sim card slot could be "locked" (with glue) so that I could at least see if someone tampered with the sim slot. Treat: There may be a risk of infection over wifi if the phone which provides the hotspot is infected but I don't know how far fetched this is.
The answer I'm looking for is not an academic/theoretical one (everything is possible in theory I guess) but a practical/heuristic one.
Threat model / assumptions:
- I'm worried about physical attacks (attacker having access to both phones mentioned above when I'm not around) as well as an attacker who may have hacked my my less secure phone (without me being aware of it). I'm pretty sure sure no generic Android malware is capable of doing any harm here so I worry about targeted attacks.
- I'm not overly concerned with someone "only" reading unencrypted traffic leaving my "to be secureed phone" and more concerned with an attacker who would have "deeper" access for example to everything I type on the "to be secured phone" or who can see what I see on screen or an attacker who redirects me to a fake login of a site I use.
- Assume Android 11 on all phones.