What features will be missing in GOS' Android 15 version?

androidin Later on this year it was stated that secure face unlock is interfering with 2FA unlock implementation although these are totally different topics.

The issue isn't about whether face-unlock hardware and fingerprint-unlock hardware are the same (they're not), or whether a user's face is the same as a user's finger (they're not). The issue is whether or not the code for face unlock and the code for PIN/passphrase unlock and the code for fingerprint unlock are interrelated, and my understanding is that the Android unlock code in general is a complicated interwoven carnival.

androidin Probably, secure face unlock isn't open source and must invented and written completely new and probably that's timewise and technically (know how) not possible, an I right?

I think the things that would be necessary are something like:

• high-resolution IR face camera (clearly some Pixel devices have this)
• face-recognition software core (online I read that this is closed-source and proprietary, though in theory an open-source alternative could be found or written)
• integrating face-recognition software with the IR face camera ("a simple matter of programming")
• sufficient testing (presumably including twins!) to believe it's reasonably secure

I suspect if this were easy then some Android variants would already be doing it, especially ones with large user communities. Is this feature available on LineageOS, DivestOS, crDroid, etc.? If it's available on all of them except GrapheneOS, maybe it's easy-ish? If it's available on none of them maybe it isn't easy.

DeletedUser88 Will I be able to set a separate VPN in the private space just like a normal profile?

On the stock PixelOS, the latest Android 15 Beta, the Settings app in Owner has a nice UI for switching between settings for the Owner profile and the Private Space profile. When you go to Settings > Network & internet > VPN, the VPN apps are marked with icons to differentiate between the VPN slots for Owner and Private Space profiles. I expect this to be the case for AOSP as well.

I think that Private Space is very nicely done – UI-wise it's easy to quickly differentiate between apps, settings and notifications in Owner and Private Space. You can run two instances of the same app side-by-side and quickly note which one you're currently using by activating the app switcher. I took some screenshots to better explain this but I think seeing it for yourself when GrapheneOS based on AOSP15 is released will explain it better.

Please note that I have only tested this on PixelOS.

fid02 Very good news! Is this feature limited to one Private Space per profile?

TrustExecutor
https://discuss.grapheneos.org/d/15696-question-about-the-new-private-spacess-feature-in-android-15/2

de0u

high-resolution IR face camera (clearly some Pixel devices have this)

Only the Pixel 4 and Pixel 4 XL had IR face scanning. They had dual IR scanners for 3D scanning, a dot projector and a flood illuminator. Face unlock on the recent Pixel generations is a software feature entirely based on the front camera. The front camera is far more primitive than the rear cameras and didn't even support autofocus until the Pixel 8 Pro and all models of the 9th generation Pixels, but it's a more primitive kind of autofocus. They use phase detection autofocus rather than dual pixel autofocus which is more primitive and doesn't provide as much data for face scanning. We could add support for it if we really wanted but it's not really a good implementation of face unlock and we're not fans of it. 9th gen Pixels moved to nicer ultrasonic fingerprint scanners.

GrapheneOS Oh, I didn't realize that the stock OS's face unlock on the Pixel 8 and Pixel 9 was using a regular visual camera. Thanks for clarifying that. I can imagine that might dampen the project's enthusiasm.

Dumdum Ah, little bit disappointing but it serves as a nice feature to confine sandboxed Play along with the apps requiring it into a Private Space. We will see how the UI looks and if there is possibility to share files and images in a Storage Scopes setting spanning both the Owner and Private Space.

DeletedUser88 Can I copy and paste text from the private space to my main profile and vice versa?

Yes, looks like it.

GrapheneOS so... they degraded security features from 4 to the newer models?

Damn, thats crazy. Thanks for the info!

(They also removed the headphone jack, which I guess is the biggest security issue)

missing-root They also removed the headphone jack, which I guess is the biggest security issue

The USB-C port works just fine as a headphone jack, I am using it all the time. You just need USB-C earplugs or an adapter from USB-C to analog headphone jack. I cannot see how USB-C would be less secure than a regular analog headphone jack. But I totally understand not wanting to use Bluetooth.

Will lock screen customization be coming to AOSP?

ryrona

I talked about security. Headphone jacks work waaay better than a dongle, trust me, do an A/B comparison.

It works better, is faster and most importantly it just does audio I/O and like 3 commands for the buttons.

The GrapheneOS USB port settings can set it to "charging only" which is a big security advantage against unknown attacks.

missing-root The audio input and output for the analog audio jack was always very low quality due to never having a high end DAC. There's still wired headphone support via USB-C. Even the basic Apple and Google USB-C DAC provide far high quality audio.

USB-C headphones are fully compatible with our USB-C port control feature with the default Charging-only while locked node. It allows the existing connection to continue while locked but disables new USB connections immediately and then fully disables USB when the headphones are disconnected. It does reduce security compared to not using it through keeping USB data partially active after locking while it's in use, but only while in use and data is fully disabled immediately as soon as it's unplugged. New connections are also blocked immediately after locking including at a hardware level, not just a software level. The USB-C controller in Pixels supports blocking the new connections at a hardware level while keeping existing connections working and has disabling data completely as a separate thing we can do once the existing connections end. It also has the option to fully disable it for even charging, which is quite useful since USB-PD isn't simple.

Analog audio jacks going away is simply something you're going to have to accept as part of devices becoming more modern in the same way that laptops rarely have an Ethernet port anymore despite that being more secure than exposing Wi-Fi attack surface. Phones also don't have Ethernet ports but you can still use Ethernet if you really want to via USB-C in the same way you can still use wired headphones. Dedicated charging ports on laptops are also going away and being replaced by USB-C charging. USB-C technically supports up to 240W power being supplied... Dedicated display outputs are also being replaced with USB-C via DisplayPort alternate mode. This is simply how things are going. Eventually there will probably be no ports on devices... By then, hopefully all the firmware and driver code is in a memory safe language combined with far better exploit mitigations and fuzzing, etc.

ignition VPNs are per-profile and it's no different with Private Space. Private Space is essentially a replacement for managing a work profile with a local device management app. It can be used alongside it and has better integration for local usage.