Best way to update apps throughout user profiles

missing-root

Can someone explain why I would want to use user profiles?

My 6a is already not thaat fast. I separate apps with work profile and private space. This allows me to share files easily, app updates actually seem to work way better across user profiles.

If I would use only one profile, and use the owner like you @N1b described, what is the attack surface reduction here?

You have appstores in the owner profile, which add a ton of attack surface. They connect to the internet and install apps.

You also always run playservices in the background, otherwise the playstore wouldnt work. So you have quite a lot of attack surface, dont you?

Also the issue with sharing files. Currently network over localhost works, but the future is unclear. Sharing via USB would require another app, to at least use public-private cryptography for the files. Otherwise using an unencrypted USB Stick would leave traces, and I know no USB shredding app on Android. Not sure if you can even shred flash storage.

Can you direct me to a list of things a guest profile cannot do, that the owner can?

user539

missing-root Also the issue with sharing files

Signal works great between profiles

N1b

missing-root what is the attack surface reduction here?

In the end it's of course up to you, and I can see why in your situation private space would make more sense. For me the reduced attack surface comes from:

Disabled apps in owner profile (where more harm could be done and every app is visible). Btw. you can also disable Google apps and appstores there whenever you don't run updates.
Better sandboxed apps in different user profiles, also fewer apps per profile in case of a breach.
Google is not installed in any of the user profiles, so it only sees the unused apps in the owner profile where no personal data will be shared via Play Services.
Much better agency over what I show police or border control in my user profile.
No data sharing between profiles (although that is a convenience issue as you mentioned).

I rarely have to share information between profiles, but in these cases I put them in Bitwarden since I use that everywhere anyway (or on a USB stick for lager files or data that needs to stay offline).

But these are only my reasons, I fortunately have an easy enough lifestyle for this to work with little to none of the complications. Private space can be a better alternative when data sharing is required and it's much better than work profiles.

missing-root

user539 of course it does. It connects to an external server.

missing-root

N1b

For good inter-profile-sharing, an encrypted solution needs to be there, with a permission to send data, and it needs to be there once they have different localhosts.

Maybe a permission to access usb devices, and an app that encrypts data then stores it on a usb device and automatically reads and imports it? Could even use the secure element, sounds very doable.

greetdnashoe

N1b This is interesting...

Clarifying question, though!

How do apps from these get installed on the user profile, if you only have app stores on the owner profile?

Or do you have the app stores AND the apps you need from the app stores on your owner profile and push those apps to the user profile?

JollyRancher

greetdnashoe

Step 1: Install app on Owner profile, deny network access and disable App.

Step 2: Go to settings, manage users on Owner profile. Pick profile that you want the app in and then tap Install Available Apps and tap the one(s) you want installed in that profile.

Step 3: Handle any needed app updates through the Owner profile.

N1b

Exactly like JollyRancher described. It's a bit more effort and opsec as you need to do your updates manually, but for me it's worth the simple morning routine.

greetdnashoe

This is amazing. Thank you both for the clarifications!

Chefsnade

N1b sorry, just to clarify and rather than starting a new thread.....
Disabling the app revokes all permissions, on top of that you need switch off 'allow background usage' for the battery. But what about WiFi date 'background data' this off also?
ATB

N1b

Chefsnade Not sure about your question, but disabled means disabled as far as I know. The settings you describe only affect enabled apps, so you shouldn't have to deal with them separately.

My easy morning routine is:

Unlock phone (it's already in owner profile thanks to auto reboot)
Enable Play Store and Play Services (I do that via the official GOS App Store)
Open all my app stores and update the apps
Disable Play Store and Play Services again and move to user profile

Often there are no updates so this takes a minute at most.

Chefsnade

N1b sorry I should have added in the main owners profile. I've added all apps there to port across to other profiles.
But in the owners profile if I disable the app background battery and WiFi is still on - toggle these off correct? ATB