Good question. Tried to find it but couldn't. Think I saw a post linking to an article somewhere here on Lemmy, but can't find it anymore. So take it with a grain of salt
Exactly. If you want to be 100℅ sure you don't get tracked AT ALL you can't use the internet.
The second you connect metadata is gained by ISP and all the servers which get called. This can be enough to track you down for powerful entities like the government.
If only your aunt may with a evening school IT course is your threat, a pin and graphene os is probably enough
Also OP mentioned his sim card is registered on his real life name, so having that connected to cellphones is enough to track you if you have a warrant to force your internet service provider to share the information
I have no idea what asahi linux is and at that point I am to afraid to ask
You always need to ask: which data do you want to protect.
If its position data and calls: nothing, it really doesn't matter what phone you use if the connection is not secure.
If its communication via messenger like matrix: you are already quite good protected with graphene os and matrix from a safe source.
If its Trojans from the police: don't download any software/apps/services that are not open source and widely reputable. (Most rich western states can probably still get full control if they want to because of zerodays)
If you want privacy for calls: get a simcard without your name/Iban/PayPal/creditcard etc attached to it in any way (prepaid with cash), Reset the phone, drive somewhere where you don't work or live with phone off Insert simcard and turn on phone. Wait Turn off phone and disable sim card Use only WiFi until you really need sim service (best not at your home or work).
If you want to protect data on phone: don't have biometric login (you can be forced to put your finger on the sensor, you can't be forced to type in a password as easily)
Netguard, shelter, only FOSS software, regular updates, no cloud, no google is never a bad idea, also only communicate via safe encrypted protocols (matrix, xmpp, pgp, https, etc., NOT WhatsApp, Facebook, unencrypted mail, http, SMS, calls)
EDIT: people here mentioned that graphene has a build in firewall, which you can use instead of netguard. I have netguard running though as I know the interface and options, have separate profiles for shelter and normal and don't use a VPN anyway.
To be honest, if kyc means what I think it does (I am not from the states) so that your provider knows your real identity, this phone with this sim will not be private, especially not when constantly connected to cell service.
With a warrant the local police could force your provider to tell them to which cell phone tower you are connected to, effectively giving them live position data. They can also read all unencrypted trafic this way (calls, SMS, telegram, http traffic etc.)
If your thread level is the police, you already f'd up, sry :/
Plus: its google/us hardware. They could always hide something in lower level software like drivers or bios.
(Cant find the arricle i was thinking of, maybe false): It was recently discovered that snapdragons pinged their home server when turning on, which was not noticeable in android as it was on a deeper software level
If you want to be sure you cant be tracked, monitored, spyed on, and calls can't be intersepted:
Don't ever connect it to WiFi and don't insert a sim card.
Graphene or not, your ISP can still share your position or other meta data with government and stuff (in the us they can also be forced to not tell you) - in some countries they legally sell to third party's, in some probably illegaly
Calls are normally not encrypted so the os doesn't matter as much if its the government who can force your ISP or if someone is skilled enough for a Man in the middle attack.
Android is a highly complex system, it will never be 100% safe.
If you just want to decrease spying by companies and less powerful people:
Use neo store or fdroid (no google play or aurora) as all apps there are Foss
Don't install gapps or any other google services/packages
Use shelter for less trusted apps
Use netguard to block apps from accessing the internet
Physically block your cameras
If you want to be absolutely sure no one is recording audio: destroy mics with a needle and connect headset only when you need it
To only use communication apps which are encrypted and you hold the keys should be not needed to be said: matrix, signal, element, xmpp are good, (telegram (normal chats), Facebook, WhatsApp etc is a no go)
Fahre wenn eh den billigsten Zug irgendwann nachts da isbimmer frei, warum mehr bezahlen
No guilt for own mistakes? Dunno bout that
But: every non Foss app you download runs code you can't control and could potentially compromise security. So caution is advised.