Hi guys, three weeks ago I changed my phone for a Pixel and installed grapheneos on it. After reading some advice on the forum, I configured it in the following way:
- main profile with only stock apps, no Google Play Services, used only to manage the device sand switch to the correct profile
- primary profile with "safe" apps - Signal, Tutanota, etc. No Google Play Services (only GSF for Gcam), I spend hehe most of my day
- secondary profile I use daily, but with apps needing Google: banking apps, Whatsapp, Protonmail, Revolut etc.
- few other profiles I rarely use specifically for some very privacy intrusive apps
The current setup feels fine, but it also has some downsides - I think the constant switching between the two mostly used profiles drains the battery quickly and the notifications are sometimes unreliable (especially if I have to activate one of the rarely used profiles in the meantime) - I need to check once in a while if the secondary profile is still running.
As I have switched from an iphone, the thing I am missing is... convenience. I know that compartmentalization on graphene is the most secure way, but sometimes it really takes some effort to juggle between the banking app and the browser in the other profile or messaging friends on Signal and Whatsapp simultaneously.
I was thinking of an another setup and would like to ask, what am I giving up privacy- and security-wise. It would look like this:
- main profile with Google Play Services with all the apps that I currently have in my secondary profile: banking apps, Whatsapp, Revolut etc.
- work profile with all the apps from my current main profile, so Signal, Tutanota, mostly f-droid apps, but also Gboard, Gcam and Google Photos (all with revoked network permissions)
- the rest of the setup looks the same, so few rarely used profiles for privacy-invasive apps
This way all of the woods apps I use missy often are in the same user profile, but are divided between main and work profiles, so they it's easier to switch between them
The main questions I have is connected to Google Play Services being active in the main profile while having Google Apps in the work profile. How much could they see? As for the push notifications, if I would configure Signal before Google Services, it would not use the GMS, correct? What else would raise your concerns? Also, which app would you recommend for creating the work profile? Insular, Island, Shelter?
I would be grateful for any input.
Since this is my first post here, I wanted to thank you all for this wonderful OS!