If you read “national security” as a reason anywhere, you can read that as “bullshit”. True for any administration.

After you’ve already established security, you can add obscurity (without compromising security) on top for an even bigger gain in security overall. But you can’t do obscurity in place of security.

Fascism doesn’t want education or truth. It just wants loyalists who follow the fascist doctrine

GrapheneOS is the best mobile OS. Even though the Graphene team has weird habits of communication which might be off-putting for some, the OS technically still is the most secure AND most private mobile OS distribution you can have on any phone. It’s literally at the top, according to many technical and data protection experts. It’s so good that Cellebrite can’t crack it even with physical access, and some police in some country (I think it was Portugal) will assume you’re a criminal for using it, because it’s so secure and private and they can’t stand the thought of someone fully utilizing their personal rights. Plus, it has great documentation and is easy to install. Despite it being so secure and private by default, it still allows you to shoot yourself in the foot by installing the sandboxed Google services and so on, if you really want to. So it can also be used like an off-the-shelf Android, just with some additional hardening and extra protections on top which you benefit from, but the benefit will be much smaller of course when you install and use spyware apps.

Generally, a Samsung phone isn’t great for privacy. Consider getting a Pixel and put GrapheneOS on it. Much better Android baseline. More secure as well.

Any connection to Samsung’s servers is likely non-essential, but do check that OS updates work.

Google Play Services is Google’s main surveillance stack on every commercial Android distribution. It transmits a lot of unique device info to Google, every 20 minutes or so. The minimum data being transmitted is:

Phone #
SIM #
IMEI (world-wide unique device ID)
S/N of your device
WIFI MAC address
Android ID
Mail Address of your logged in Google account
IP address

However, this app might be required for Google Play to function. And also for some other apps. So check those dependency issues. In general, you should prefer using open source apps or any apps which don’t have such stupid dependencies. Some apps merely complain when you don’t have the Play Services app running (by displaying a popup) but still work.

There’s also the issue with Google’s DRM called “Play Integrity”. Some apps use Google’s Play Integrity API to “verify” that the device is an “officially sanctioned Android” and then act like any other Android is “unsafe” and then refuse to work. If you encounter this, be sure to complain to the app developers about this.

If you need the Google Play store but want to block network access for the Play Services app (which you should do), you should probably use the third-party Aurora store app.

About the Ironfox connections: not sure, but the “firefox-settings” hosts from Mozilla sound related to the Firefox Sync feature which syncs your settings/bookmarks/… with Mozilla. If that’s the case it’s also non-essential and can be blocked.