• General
  • Rate my Profile Isolation/Silos

Just finished reading through the docs on the GrapheneOS website and I'm sold.
Will be picking up a Pixel 7 and switching to GrapheneOS (currently on a Xiaomi Mi A2 with CalyxOS).
Right now I'm playing with how I might break things up into different user profile silos.
Some of these ideas may not work, questions at the bottom.

Owner

  • Signal
  • Phone
  • SMS/MMS
  • CardDav (Contacts)
  • Camera

Personal

  • Photos
  • Ebooks
  • Audiobooks
  • CalDav (Calendar)

Personal Secure (forward notifications)

  • Banking
  • Password Vault

Work (forward notifications)

  • Google Frameworks
  • Aurora (Anonymous)
  • MS Authenticator
  • MS Outlook
  • MS Teams
  • PagerDuty
  • Slack
  • Uber

Google Anonymous

  • Google Frameworks
  • Aurora (Anonymous)
  • Google Maps

Google Real

  • Google Play
  • Paid Apps

Questions

  • I have the idea of keeping the Owner profile pretty content free. Is there any value to this or should I just merge Owner and Personal?
  • Am I able to copy anything between users? For example, if I open my password vault in one user and copy a password to another, does that work?
  • Similar to the above, can I copy files between profiles? Documents / images
  • Is there any cost to having lots of profiles? Storage - obviously, but I'm interested in Performance and Battery Life

Any other recommendations or thoughts?

    As far as I know you cannot share the clipboard between profiles. That would defeat the purpose of separate profiles. Same with files. I am using Session to share files between profiles but it's not ideal. I'm curious to hear what others use to share files between profiles.

    jroddev I can't give a perfect answer but I can give you information that can help you make an informed choice.

    • You will not be able to copy text nor files between user profiles natively. You will have to use a third-party solution like syncing/cloud software.
    • Forwarded notifications will not show the contents of the notification, merely the app name and what profile it's from.
    • Not ending a profile session will allow all processes to continue running in that profile, draining battery. Ending the session will flush the encryption key of the profile therefore preventing anything from running till you unlock the profile again.

    I personally only have 3 profiles, the owner, a work profile (through Shelter) and another user profile. The work profile has my apps that I want to access easily but isolate from everything else. This would be my banking and school apps. My second user profile contains my Google apps that I need for work and school. This is the only profile I am signed into my Google account.

      jarell I was shooting for your exact setup. I use Shelter for a work profile for easier app access. Wanted to keep owner 100% free of Google sign-in, but Google Fi forced me into setting it up on my owner profile.

        This is all very helpful. Thank you everyone.

        I may be forced to merge the Owner, Personal, and Personal Secure profiles to some degree. I was hoping to keep the actual Password Vault + App separate and only move individual credentials when I need them. Merging it all together is no different than I have now though.

        lcalamar + jarell are you using Shelter on top of the GrapheneOS profile sandbox? If so, what are the added benefits?

        I recall reading there is a restriction on how many user profiles can be active at one time: 3. So if you want notifications to be sent in from other profiles, that's something to keep in mind.

        jroddev Every app is individually sandboxed. Apps can't ever access each other's data and require user consent to access profile data. Profiles don't provide any additional sandboxing. Profiles provide separate workspaces with separate instances of apps, app data and profile data. Apps can't communicate or share data across user profiles other than via the network (mostly true for work profiles too) and apps can't see apps in other user profiles (but can see them to an extent across user/work profile boundary).

          • [deleted]

          GrapheneOS Does that also mean if Google Play services are enabled then the apps in that user profile cannot "talk" to each other?

            [deleted] Every app is sandboxed whether or not you use Google Play services. Apps can communicate with mutual consent within a profile and can't do that across profiles without using the network. Sandboxed Google Play compatibility layer enables using Google Play as regular apps in the full standard app sandbox. There's no special app sandbox for Google Play. It's the same full app sandbox as every other app you install. GrapheneOS provides our sandboxed Google Play compatibility layer to make it work that way, not a special sandbox for it.

            @GrapheneOS
            Could you provide more information around 'mutual consent' to help with my understanding? I saw this used in the docs and I'm not sure what it means in practice. Does this mutual consent involve user approval? Or do the apps themselves provide the consent? What are the mechanism/s?

            It has been a few years since I've done any Android dev but at the time we were communicating with intents and app-links. I'm also aware you can communicate using storage shared folders, or via the network.

              jroddev what the doc calls "mutual consent" and "interprocess communication"/IPC is intents. Intents require mutual consent as the dev of the calling app obviously agreed to interact with the app they are calling and the dev of the receiving app wrote in their manifest which app can trigger which intent. At least, that's my understanding.
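To make the manifest side of that concrete, here is an added example (not from this thread and not GrapheneOS's own code) of how a receiving app states in its manifest which callers may trigger one of its components. The package name `com.example.vault`, the permission name and the component names are hypothetical. The receiving app defines a signature-level permission and attaches it to the one service it exports; the calling app must request that permission in its own manifest and, because it is signature-protected, the system only grants it to apps signed with the same key. Everything else stays unexported, so no intent from another app can reach it.

```xml
<!-- Receiving app (hypothetical package com.example.vault).
     This is the "consent" half written by the receiving app's developer. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vault">

    <!-- Custom permission. protectionLevel="signature" means the system grants it
         only to apps signed with the same certificate as this app, so the set of
         allowed callers is decided at install time, not by the caller. -->
    <permission
        android:name="com.example.vault.permission.QUERY_CREDENTIAL"
        android:protectionLevel="signature" />

    <application android:label="Vault">

        <!-- Exported on purpose, but gated: an intent from an app that does not
             hold the permission is rejected with a SecurityException. Since
             Android 12, android:exported must be stated explicitly on any component
             that carries an intent-filter. -->
        <service
            android:name=".CredentialService"
            android:exported="true"
            android:permission="com.example.vault.permission.QUERY_CREDENTIAL">
            <intent-filter>
                <action android:name="com.example.vault.action.QUERY" />
            </intent-filter>
        </service>

        <!-- Not exported: unreachable from any other app regardless of what
             intent it sends. Default to this for anything that is not an
             intentional IPC entry point. -->
        <activity
            android:name=".UnlockActivity"
            android:exported="false" />
    </application>
</manifest>
```

The calling app supplies the other half of the consent: its manifest declares `<uses-permission android:name="com.example.vault.permission.QUERY_CREDENTIAL" />`, and its code targets the service with an explicit intent (package and component named) rather than an implicit one, which Android has refused for service binding since 5.0. Both declarations are only meaningful inside one user profile; as the replies above note, an app in another profile cannot see the component at all, so a permission grant across profiles never arises.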

              MetropleX changed the title to Rate my Profile Isolation/Silos .

              Based on the response from @GrapheneOS I have semantically corrected the thread title and rephrased the OP to change references to 'sandbox' to user profiles or users.