• Off Topic

  • Google Play in main profile 😱

This is an interesting topic. I've struggled a bit with separate profiles because they are not as convenient as having a single profile. I ultimately ended up using Shelter in my owner profile. Within Shelter, I've installed Google Play Services and have a handful of apps that either need it, or are privacy invasive, and I don't want them to have IPC with apps in my "main" profile. This has been working flawlessly. For apps that need to provide notifications, I let them run in the background. I freeze all other apps so they're effectively disabled until I need them. As soon as the app is dismissed or I lock my screen, the app(s) is(are) frozen automatically.

I'll also say the line for the "average piece of shit guy with average data" moves closer and closer to the "center" everyday in the USA. Average piece of shit guy today becomes public enemy #1 tomorrow. My 2¢.

    F0SSIL

    I ike to play around and try out different things. Due to the mentioned fingerprint bug, I previously only had the owner profile and a user profile for banking.

    My current setup is:

    1. owner profile (sandboxed Google Play)
    2. invasive apps (social media, Google Maps, if I get stuck with Organic Maps)
    3. banking

    Works great, 95% of the time I am in the owner profile - so I don't have to push everything into a profile, but as I said, I also support the keep it simple approach.

    What I'm still thinking about:
    Set up Owner Profile completely without Google Play (I only need it for three apps, I could also move these to the invasive profile) - but have to figure out if unlocking via fingerprint remains stable.

      In the beginning I had a Pixel 4a and I used a different user profile for each individual app I didn't trust. Why? I guess I thought I was someone so important to warrant that level of safety, but I'm not. Whenever I browse through posts on reddit and see recommendations about privacy software to use, I get a hearty chuckle when people say they use Qubes. Using Qubes is a great way to burn yourself out. I've tried using Qubes and got burnt quick. It's like having a separate refridgerator for every item of food. I feel the same with user profiles. I have a phone to help me live my life and I don't live my life for my phone.

        One important way to reduce privacy and security fatigue is to avoid theater. It is low effort and high reward. After that is proper threat modeling. It is higher effort but helps to prioritize efforts.

        F0SSIL The whole point of sandboxed Google Play is that they're regular apps without any special privileges. You don't need to grant the standard permissions to them either. Using Google Play in your main profile isn't different from using other apps there. There is no special integration between sandboxed Google Play and profiles, contrary to what many believe.

            F0SSIL You can have molly on both profiles main and secondary. you can authenticate it using Signal desktop client.

                F0SSIL you casuals are the problem. sandboxed google services were a mistake. the initial hardcore users were the real deal, people who made no compromises and were willing to suffer for their convictions.

                now seriously I do just fine with aurora store but I get some people can't do without some g services dependent app so whatever works. still, at least a work profile for them would be a good ideea.

                    MarsTrue it looks like you're joking, but in case you aren't, GrapheneOS can be used by both the hardcore and the "casuals". Different people may have different goals, so one profile with Google Play is better for some people.

                      F0SSIL rubbish. Qubes is easy to use if you know Linux. And if you value security and privacy, whatever your threat model, its a solid choice.

                          mmmm Didn't say Qubes was hard. Did you read my post?

                            3zlgi8vre Didn't think of using the desktop client to authenticate. I ended up using Threema Libre on both profiles. Got sick and tired of switching between profiles.

                              Xtreix

                              Same here. KISS no secondary profiles. It all depends on your desired use case and threat model. I am not that worried about Google Play Services privacy issues but I want that thing to be sandboxed and not have elevated privileges. I am worried about security issues more than privacy ones.

                                a month later

                                de0u i meant more like nearby sharing and things of that sort. what can i feasibly turn off but have nothing break was my real question!

                                    [deleted]

                                    It depends on want you want out of it. It needs network permission for handling push notifications and downloading software. It needs at least storage scopes for security keys.

                                      [deleted] i meant more like nearby sharing and things of that sort. what can i feasibly turn off but have nothing break was my real question!

                                      I think the directions indicate that certain things (e.g., using Google's location service instead of satellite GPS) require more permissions.

                                      I think anything that is turned off will cause some application to stop working. People who want different apps will need to decide which Play Services abilities they are comfortable enabling/disabling. Without a specific list of apps I don't think it's possible to suggest what is truly needed.