Per their own releases, they includes October’s AOSP security patches.

This is pretty good, but still behind GrapheneOS in terms of security.

(I did a quick search, so I could be wrong)

Edit: Oct patches were included on a release from 1 week ago. I have no clue what their history is

For an external VPN like mullvad, I run my own proxy. Again it’s only available from my VPN or inside my network.

It uses socks5 and gluetun docket containers and in apps that support proxies, I can add my proxy to it and it’ll route that traffic through the paid VPN.

Or, a work profile (see shelter) or androids new private spaces. If you have private spaces, it uses a seperate network. So if you have a VPN installed outside the private space, it won’t work on apps inside the space. So, what you could do is have a paid VPN inside private spaces, and use it and a web browser or whatever there, and use your server’s VPN outside the private space.

Lmk if you want any of my docker composes

I keep it running always. Partly to access stuff at home, and party to get the ad-blocking from pihole.

Do not expose stuff unless you fully understand the security risks