What features will be missing in GOS' Android 15 version?

GrapheneOS Thank you for your hard work.

GrapheneOS Awesome! Do you mean it will be possible to run sandboxed Play inside a private space, confined along with apps that need Play services, as a more convenient option than different profiles for users with lower threat models? Will there be a possibility to run a separate userspace VPN? Is it possible to have more than one private space?

GrapheneOS Will I be able to set a separate VPN in the private space just like a normal profile? I read from the official documentation that the Private Space bypasses any VPN that is set on the Owner profile.

TrustExecutor the big questions

TrustExecutor Can you please link to those docs?

androidin Later on this year it was stated that secure face unlock is interfering with 2FA unlock implementation although these are totally different topics.

The issue isn't about whether face-unlock hardware and fingerprint-unlock hardware are the same (they're not), or whether a user's face is the same as a user's finger (they're not). The issue is whether or not the code for face unlock and the code for PIN/passphrase unlock and the code for fingerprint unlock are interrelated, and my understanding is that the Android unlock code in general is a complicated interwoven carnival.

androidin Probably, secure face unlock isn't open source and must invented and written completely new and probably that's timewise and technically (know how) not possible, an I right?

I think the things that would be necessary are something like:

• high-resolution IR face camera (clearly some Pixel devices have this)
• face-recognition software core (online I read that this is closed-source and proprietary, though in theory an open-source alternative could be found or written)
• integrating face-recognition software with the IR face camera ("a simple matter of programming")
• sufficient testing (presumably including twins!) to believe it's reasonably secure

I suspect if this were easy then some Android variants would already be doing it, especially ones with large user communities. Is this feature available on LineageOS, DivestOS, crDroid, etc.? If it's available on all of them except GrapheneOS, maybe it's easy-ish? If it's available on none of them maybe it isn't easy.

DeletedUser88 Will I be able to set a separate VPN in the private space just like a normal profile?

On the stock PixelOS, the latest Android 15 Beta, the Settings app in Owner has a nice UI for switching between settings for the Owner profile and the Private Space profile. When you go to Settings > Network & internet > VPN, the VPN apps are marked with icons to differentiate between the VPN slots for Owner and Private Space profiles. I expect this to be the case for AOSP as well.

I think that Private Space is very nicely done – UI-wise it's easy to quickly differentiate between apps, settings and notifications in Owner and Private Space. You can run two instances of the same app side-by-side and quickly note which one you're currently using by activating the app switcher. I took some screenshots to better explain this but I think seeing it for yourself when GrapheneOS based on AOSP15 is released will explain it better.

Please note that I have only tested this on PixelOS.

fid02 Very good news! Is this feature limited to one Private Space per profile?

de0u

high-resolution IR face camera (clearly some Pixel devices have this)

Only the Pixel 4 and Pixel 4 XL had IR face scanning. They had dual IR scanners for 3D scanning, a dot projector and a flood illuminator. Face unlock on the recent Pixel generations is a software feature entirely based on the front camera. The front camera is far more primitive than the rear cameras and didn't even support autofocus until the Pixel 8 Pro and all models of the 9th generation Pixels, but it's a more primitive kind of autofocus. They use phase detection autofocus rather than dual pixel autofocus which is more primitive and doesn't provide as much data for face scanning. We could add support for it if we really wanted but it's not really a good implementation of face unlock and we're not fans of it. 9th gen Pixels moved to nicer ultrasonic fingerprint scanners.

GrapheneOS Oh, I didn't realize that the stock OS's face unlock on the Pixel 8 and Pixel 9 was using a regular visual camera. Thanks for clarifying that. I can imagine that might dampen the project's enthusiasm.

Dumdum Ah, little bit disappointing but it serves as a nice feature to confine sandboxed Play along with the apps requiring it into a Private Space. We will see how the UI looks and if there is possibility to share files and images in a Storage Scopes setting spanning both the Owner and Private Space.

DeletedUser88 Can I copy and paste text from the private space to my main profile and vice versa?

Yes, looks like it.

GrapheneOS We already added Private Space integration

Will GOS' implementation allow nesting VPNs such that if I have a VPN active in my owner profile and a simultaneously active but different VPN in the private space, the 'entry or real user IP' the private space VPN sees or reports is that of the owner profile's VPN? In this case, if only the owner profile has an active VPN, the IP of the space as visible to its apps and reported while browsing any IP testing site would be that of the owner's profile VPN.

GrapheneOS so... they degraded security features from 4 to the newer models?

Damn, thats crazy. Thanks for the info!

(They also removed the headphone jack, which I guess is the biggest security issue)

missing-root They also removed the headphone jack, which I guess is the biggest security issue

The USB-C port works just fine as a headphone jack, I am using it all the time. You just need USB-C earplugs or an adapter from USB-C to analog headphone jack. I cannot see how USB-C would be less secure than a regular analog headphone jack. But I totally understand not wanting to use Bluetooth.

Will lock screen customization be coming to AOSP?