How to use ProtonMail in my Android phone without letting Google know about my Proton account?
I have been slowly degoogling my life by reducing my use of Google apps and switching to FOSS alternatives. I recently created a Proton account and tried to keep it completely isolated from my default Google account so as to not let it know what my Proton mail identity is. I have finished my transition in my desktop to the best of my ability and am planning to start the same with my mobile. The only thing I have done in my Android phone related to Proton is having downloaded ProtonVPN and signed into my account within the app. However I fear by downloading ProtonMail and signing into it, my Android phone would identify the email account, which could make this entire transition useless. Is there a way to avoid this situation or has the damage already been done. What does Google know about my Proton account, if at all?
What Android, LineageOS? Where are you logged in, a Browser or Apps?
Apps are shit, Androids sandboxing security model is hillarious as all preinstalled bloat has all permissions.
Even on LineageOS Google knows
your IP from Connectivity check
your IP from captive portal check
your location and device data from SUPL / A-GPS
but if you are logges into any accounts in apps, no chance.
Simply use your google accounts through a seperate browser and never in "Apps". Best would be to use 'shelter' from F-Droid, create a work profile, install a VPN in either the work profile or your regular one, set it to always on -block other connections in your network settings.
IIRC this is worse on Qualcomm devices, where I believe the GPS almanac data is requested over plain HTTP, by the SoC itself outside of the OS's control
Your third point is more difficult. Unless things have changed recently, there isn't really any way to mitigate your third point. This area is not well understood
Manufacturer's version of Android. I've logged in the apps with multiple Google accounts.
While I could consider using my browser instead of apps for all google related services, I don't think outright removing the accounts from my phone since Google has mandated use of mobile verification (the one where they ask to choose the correct option from the three given number) and I don't want to provide them a phone number for SMS verification. I fear I would be locked out of my Google accounts if I don't have them signed in in my phone directly.
I tried checking Shelter, however it says it is best optimized for Pixel phones and grapheneOS (which I have neither of) and you already said sandboxing in Android sucks, thus it may not be beneficial to go through all that effort to setting up the separate profiles if it isn't even going to work well.
No shelter is not optimized anywhere. It runs on Android thats it. GrapheneOS is secure but they dont care about it at all, they think "oh I can use a USB stick to transfer files between profiles" is the definition of usable.
Get any LineageOS phone and you are way better off. No you wont use your Google account, maybe they force you to use a Chromium based browser, but logging into that crap is the beginning of the end.
Of course Google now knows all your device IDs so anonymous you will never get anymore.
Aurorastore with an own Google account works currently. Its always a fight of course. But I use GrapheneOS without these services and its fine.