BladeFederation

Last I heard there is still no site isolation on Android

PineTime is probably the best choice privacy wise. It hits all your requirements but it is definitely not fancy. Pretty much everything will require an app, but the GadgetBridge app is FOSS with no trackers or uploading your data.

I’m going to go against the grain slightly and say that it’s not as bad as you might think. Schools and businesses have deals with Google when they pay for the software. Google is not allowed to scan everything to train Gemini the same way that they do for a personal free Google account.

That being said, it’s always best practices to disconnect work/school and personal activities, for a wide variety of reasons. The more present threat is the work/school being able to see everything you do on the device. Like, EVERYTHING, sometimes even keystrokes. Furthermore, using your personal third party accounts will increase the attack surface by Google and your school/employer being able to associate the service and/or account with you. So at the end of the day, don’t do anything personal on school/work devices, and you can’t get burned by either party.

I don’t code so correct me if I’m wrong, but wouldn’t the code have to be generally accepted, reviewed, and verified by other members of the project? Ai can fuck right off as far as I’m concerned, but this isn’t a situation where a CEO just unilaterally decides vibe coding is the move. Unless I’m mistaken.

Offline mode is available for free on the mobile app, but not desktop. Doesn’t work offline for browser extension at all, which is how auto fill works on desktop, which is much more useful. And offline mode for Proton  just means you can view the passwords you already created, not create more.

There are true offline local password managers but as long as the cloud sync is encrypted, I see no reason to avoid using it and miss out on half the functionality. Auth is more debatable but I’ve found uses for cloud hosted Auth too.

Because you should have your email, password manager, and authenticator be 3 different services. Otherwise there is 1 point of failure.

No, Play Store does not require Play Services integration, nor does it mandate any trackers.

In practice though, most use Play Services for push notifications, and there are a LOT of apps with at least Google Crashlytics, Google Firebase Analytics, and Google Admob trackers. Check out Exodus for tracker reports. Or use the Tracker Controller app. Just note that some trackers are pretty benign, or even a security feature, like Sentry.