2025-12-31 11:18:32 UTC

ManyKeys on Nostr: This is concerning in itself. However, basic #OPSEC dictates that banking and ...

This is concerning in itself. However, basic #OPSEC dictates that banking and KYC-related applications should be isolated from the rest of a user’s activity.

On Android and GOS, this can be achieved by installing banking and KYC apps in a separate user profile or private space. This provides strong isolation at the application and data level: apps in one profile cannot see, query, or interact with apps or data in another profile.

From a networking perspective, profiles do not automatically get different IP addresses. However, separating activities into different profiles greatly simplifies network separation: each profile can run its own VPN configuration. While split tunneling can be used within a single profile, maintaining distinct profiles makes it much easier and cleaner to enforce that KYC/banking apps always route traffic through a specific VPN, while non-KYC apps use a different VPN or the clearnet.

With this setup, a banking app cannot inspect or interfere with apps outside its own profile, and its network traffic can be consistently routed through a dedicated egress. This reduces app-level cross-referencing and limits both behavioral and network-based fingerprinting.

Now the bank's app knows what other apps you have and demands that you delete them 😂.

But it's the system we deserve; we've allowed it.