[deleted]
[deleted] As the threat level now apparently changed
Yeah, I added an additional "But what if you want to...". I'm also not the OP. So it is apparent that this discussion is not meant to address a single threat model. But many.
Users should have the ability to hand the phone to a kid, friend, cop, airline desk rep, etc... immediately without the need to prep the phone. Regardless of the threat level.
Screen pinning is a good feature that I will likely use if I can. But it also doesn't allow for specifying a PIN or Password if the device has fingerprint unlock. So I either must never use biometrics, or must accept that I can be compelled to bypass app pinning. There should be more granularity so users can choose to lock the device with fingerprint for convenience, but have certain apps locked with a knowledge factor.
Guest profiles don't give anything but the built in browser. Not useful.
User profiles are great if you have time to set it up.
Apps that are well designed will have their own locking mechanism. Sometimes they don't bother. Many times they just rely on biometrics instead of user PIN. Some banking apps don't implement anything. It is better to not rely on 3rd party devs to implement.
Defense in depth must include some security/privacy features that appear to be redundant, but are just overlapping a bit.
App locker is not a replacement for user profiles or device security, but also cannot be replaced by them either.
If GrapheneOS was only for the super paranoid, then maybe they would market as a burner phone not suitable to daily drive as production. If they were just another Android flavor that didn't care about privacy, they would probably wouldn't care and just let app developers implement any features.
But users are somewhere in the middle. They want to be able to use their phone as a primary device, and not need to plan for every contingency, or be told it was their fault for not logging into to a premade profile before something happened.