I agree with using open source software, but the source code of said chat apps is just one part of the equation.

AFAIK cryptography implementation relies on the operating system / firmware the app is running on (they tend to be closed source). Most implementations rely on random generators provided be the operating system. Doesn’t really matter how good the encryption implementation is in the chat app if the software it relies on is compromised - see book I recommended above (The hacker and the state).

I suspect it’s the latter one. The book titled “The Hacker and the State” goes into detail about how it can be done (or may have been done in the past). A fascinating read for anyone interested in the subject.

Obsidian asks for the permission upon first launch, but if you don’t give it access it won’t work at all (it’s a required permission for the app).

you can use an android firewall to block Internet access from the app

True, however, AFAIK if your phone is not rooted, you can’t have a firewall and VPN running at the same time (the firewalls I’ve seen must be configured as VPN).

not the privileges that obsidian has

Also true, although Obsidian has access to that shared storage, and therefore, Obsidian being closed source, you have no way of knowing what they do with the files other apps create in that storage directory. I’m not saying they are acting maliciously, but I don’t like this approach (software vulnerabilities, supply chain attacks, etc.). The devs recognized the issue in another thread, but there’s no solution to the problem as of yet.

I’d love to use this setup, however, the Obsidian Android app requires a kind of file access that is concerning:

Obsdian uses a shared location “/Documents” so that other apps can access the files (e.g. third party sync services) or add stuff.

https://forum.obsidian.md/t/fr-make-obsidian-work-on-android-without-asking-for-storage-permissions/19360

It’s a no-go for me. :/

It beggars belief that those videos have so many views…