At the time I installed one of my older ROM installations, Bootleggers Oreo on Moto G5s PLUS with microG, I was more concerned with not having GApps than with security or privacy. It has Play Store and various apps I otherwise wouldn’t install today. One of those is Instagram (Barinsta, formerly Instagrabber is now used elsewhere). It doesn’t get updated much as I kept it inline with the XInsta Xposed module. Currently on version 155.
I recently realized that Instagram (at least v155) has no trackers but it does have an SSAID. Described thusly in App Manager…
SSAID (Settings_Secure_ANDROID_ID) is a device identifier assigned to each app (from Android Oreo). It is widely used by apps to track users.
Not sure how true that last statement is so I went searching. There’s quite a bit out there and I’m unsure if SSAID is a bad thing or not. Don’t know if there’s a way to sort apps in App Manager by SSAID so I had to check a few apps to see which had it (Play Store and XDA Developers are two). But then again, AdAway also has an SSAID and it’s not from the Play Store, obviously.
Regardless, my searches led me to an informative little article from IzzyOnDroid (probably the most popular third-party repo for F-Droid and a must-have in my opinion). A basic overview of Android Identifiers and a good starting point for learning more.
Android Identifiers: How Android devices and their users are identified
The article, btw, was last updated 2017. Quite old but still a nice overview.
EDIT: In the past I used to use an app called Paranoid for Android (Play/Aurora Store and /e/ Apps) for checking permissions. It would show permissions that apps used that wasn’t totally clear via Android’s settings. CyanogenMod’s/Lineage’s Privacy Guard (and whatever it’s called today - something under Trust) would show quite a bit of extra permissions used not readily apparent in AppInfo. For AOSP-based ROMs Paranoid was useful/helpful but it hasn’t been updated since January 2020. Used it to find what didn’t seem right and control permissions via Privacy Guard or AppOps. Today, apps like App Manager (via its App Ops tab) or LOS’ Privacy Guard (to a lesser degree) can disable permissions above and beyond the broad-based toggles in AppInfo.
Side note on F-Droid repos. In other threads there was mention of Firefox and Brave not available from F-Droid. That’s true when referring to the main F-Droid repo. Other repos can be added to get easy and regular access to various other apps. IzzyOnDroid (mostly straight from GitHub), “Firefox” (stable, nightlies, Focus/Klar, Signal, etc), Guardian (Tor Browser), microG, NanoDroid, Molly (Signal forks), NewPipe, Collabora Office, DivestOS (Mull browser - hardened Firefox/Fenix, GMaps WV, etc.), Bromite, and others.
Add what you need and take full advantage of the F-Droid or F-Droid Classic app. Obviously you wouldn’t enable the microG repo on /e/OS but you get the idea.
Second Wind repo is interesting. Apps that are useful when you are offline. Check their website.