I have to have WhatsApp installed on one of my phones for work purposes. It's not possible to ask my work to give me a phone (I'm on zero-hours contract).
I do have two phones - one DeGoogled pixel running CalyxOS and one iPhone XS. The iPhone I use for banking apps and basically anything that ties directly to me. Apple Pay and so on. Then I use the DeGoogled phone for everything else - most communications done over Signal, taking photos etc. This is my daily driver.
My question is this - is there any way to make WhatsApp as private as possible? I'm fine knowing WhatsApp reads all my messages etc (not really fine per se, but what choice do I have) but what I really don't want is telemetry.
So which phone should I install it on? The private one to limit telemetry, or the regular phone to stop any telemetry from my private phone being read? Or is there some way I can remotely host an instance of WhatsApp or something?
I have a similar setup and decided to install it on my degoogled phone because I definitely wanted to use a VPN to connect to Whatsapp and my other phone is an older Android without the global VPN option.
I have it completely isolated from my main account by using Shelter from F-droid, installing Aurora store in that sandbox and then installing Whatsapp from Aurora into the work profile created by Shelter.
This way, my main contacts and media are not accessed by Whatsapp. It does its own separate thing and I have no other apps interacting with it.
Update: WhatsApp just didn't want to open whilst in a work environment set up by shelter. Don't know why. It just hung for a few mins then crashed.
Shame! But I think I'll go with the other suggestion of a Matrix server
if you need only the chat (i.e. not calls) you could self host an instance of matrix with the whatsapp bridge. In this way you won't need the whatsapp client on your phone (other than for signing up and connecting the bridge once) and use it througth the matrix client (e.g. element).
I do this. However, you need to connect using the WhatsApp client every 12 days just to keep it "alive" otherwise WhatsApp servers sign the bridge out.
other than for signing up and connecting the bridge once
According to the docs, you still need the whatsapp client on a physical or virtual device to call back home every 2 weeks or so, which is really annoying.
I also tried the route of using a disposable number for the activation code without any success.
There are concerns with a company requiring any tool but not providing hardware to use it. That's bad practice from a corporate perspective, and opens them up to litigation connected to whatever is on that device. This is CTO/CIO Risk Management 101, and why companies provide devices that are heavily restricted.
Its a thing in the UK - basically you don't sign a contract for regular work, but instead are given work ad hoc. My point being there're not as many rights given to these types of workers, and they especially aren't going to buy me a phone - never mind give me paid holiday leave or a pension plan.
Yes youre right its bad practice. But the company I work for really doesn't care about that. I'm only there temporarily anyways.
GrapheneOS let's you run Whatsapp in a Work profile that's sandboxed away from your real data. You might have to install something like Insular from Fdroid to manage it.