How does Private Spaces isolation compare to secondary user profile?

Viewpoint0232 You can use both a Private Space and a work profile at the same time so you don't need to choose. Private Space doesn't depend on a management app and provides more built-in functionality since it's not tied to one. It's not currently possible to have multiple Private Spaces but it could be added and it's something we could do in the future, but the UI would need to be figured out to properly differentiate between them in the same way the Private Space is differentiated from a work profile.

    GrapheneOS I'm just sad that I have to use up more than 3 VPN device slots with my provider just on a single device.

      Rizzler if it really bothers you, depending on what VPN provider you use, you can download an OpenVPN config and use the OpenVPN app.

      All VPN providers I have tried don't bother attempting to limit consecutive OpenVPN connections (at least, not when made in the way described above). It's probably more work than it's worth, I imagine.

      I'm not vouching for the speed or the security etc, of this method though. In fact I'm pretty sure the only VPN app advised by GrapheneOS is the Official WireGuard app.

      I guess another method could be to use your home router, if it has the functionality. When at home, you could leave all the VPN slots without a VPN and connect your router to a VPN via a downloaded WireGuard config. Then when not at home, you could set up a VPN server on your router and make separate configs for each profile etc etc, I think you get the point by now...

      Personally, I like having separate VPN slots for each profile as it helps with keeping them isolated.

      @Rizzler mind me asking what VPN you use? Or how much it costs per month?

      Edit: Actually, maybe leave it as I'm just going to derail the thread more with stuff that isn't really relevant to the topic. The reason I asked is because I find it hard to believe it could end up costing you that much extra by taking up a couple extra VPN slots

        roamer4223 please feel free to delete my last message (and this one) if you feel I have derailed the thread again after the official GrapheneOS account pretty much brought the entire VPN matter to a close. I really didn't think before commenting, sorry

        roamer4223 Hey, thank you for the detailed info. I use Mullvad with the WireGuard app. It may actually work with profiles, cuz I don't have two profiles open at the same time usually.

        6 days later

        Sorry if this has been asked, I've searched and the focus seems to be on VPNs. Can apps communicate between main and private space?

          r134a

          Do you have a source for that? Everything I've seen about it has been kind of ambiguous.

            Probably9857

            U are right actually, the documentation is actually written pretty ambiguously. I was under the impression that private space would be an isolated environment. I still assume it is.

            I've read https://developer.android.com/about/versions/15/features#private-space.

            The private space uses a separate user profile

            I assume that apps can't communicate between user profiles, at least not how user profiles are currently implemented in GOS.

            The system sharesheet and the photo picker can be used to give apps access to content across spaces when the private space is unlocked.

            This is written ambiguously in my opinion. Is it only the system sharesheet and photo picker which can give apps access to content across spaces? I assume this is only possible after user interaction first? At least I hope so. So can apps communicate, or can they access content after user interaction first? I hope and assume the latter.

            Apps in the private space show up in a separate container in the launcher, and are hidden from the recents view, notifications, settings, and from other apps when the private space is locked.

            Hmm, only when locked?

            When a user locks the private space, the profile is stopped. While the profile is stopped, apps in the private space are no longer active and can't perform foreground or background activities, including showing notifications.

            I guess it's safe to assume that in a locked state, apps can't communicate between spaces. However, I'm not so sure anymore what is actually the case in an unlocked state.

            This is based on AOSP, and the implementation in GOS might be slightly different, i.e. more secured.

            @Graphene1 Apologies, I should take back that 'no'. I hope a developer can chime in and give a definitive answer.

              r134a The information I have is that apps cannot communicate between private space and main profile at all, like for separate user profiles, except for three things:

              1. Clipboard is shared between private space and main profile.
              2. There is some means of granting apps access to files in the other profile, in a secure and private fashion, using file picker and similar. Meaning you as user must approve it before the app gets any access at all.
              3. Files can be transferred between profiles in some manner by you as the user, but not by apps.

                Apps in the private space show up in a separate container in the launcher, and are hidden from the recents view, notifications, settings, and from other apps when the private space is locked.

                r134a Hmm, only when locked?

                I feel like this might be an important distinction.

                Thinking about this from Google's perspective, they would probably want apps in the private space to be able to communicate with Play Services in the owner profile. If that is the only exception, that is probably prevented on GrapheneOS by running Play Services in the sandbox.

                Or would they design the feature in a way that communication is enabled with any app in the owner profile when the Private Space is unlocked?

                The developer docs seem to emphasize the use-case of keeping apps hidden from shoulder surfers, snoopers, or someone borrowing your phone, which is probably not the primary concern of GrapheneOS users.

                r134a

                The description sounds the same as the existing "work profile" feature. So: apps can't see each other across profiles and all data (e.g. files, contacts) are separate, but it is possible to manually share some data (e.g. you can make a screenshot and then "share" it with an app in the private space)

                  Viewpoint0232

                  Apps in the private space show up in a separate container in the launcher, and are hidden from the recents view, notifications, settings, and from other apps when the private space is locked.

                  Do u know if apps in main profile can 'see' apps in private space when private space is unlocked?

                    Viewpoint0232
                    That's what I assumed beforehand as well, however after reading the developer docs, I'm not 100% certain anymore. Most likely this is the case, however I find the writing in the developer docs ambiguous on that specific point.

                    ryrona The information I have is that apps cannot communicate between private space and main profile at all, like for separate user profiles, except for three things:

                    In order to check whether an app in Private Space can see an app installed in Owner and vice versa, I did a small experiment by using the following app: https://github.com/trustdecision/trustdevice-android

                    I installed the app in both Owner and Private Space.

                    1. In Private Space, the app reported a total of 326 installed apps. This included system apps, and a total of 9 non-system apps. All 9 non-system apps were apps that I had manually installed in Private Space.

                    2. In Owner, the app reported a total of 417 apps. This included system apps, and a total of 56 non-system apps. All 56 non-system apps were apps that I had manually installed in Owner. 8 of them I had already installed in Private Space as well, but they did not show up as duplicates in Trustdevice run from Owner. One app I had only installed in Private Space and not in Owner. This app did not show up in Trustdevice run from Owner.

                    Note this being a highly non-academic investigation.
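
An app-side version of the check described in the post above, as an added example that is not part of the thread and not code from trustdevice-android: it lists the packages the calling app can see in its own profile and splits them into system and non-system apps. The names `VisibleApps`, `visibleApps`, `logVisibleApps` and the log tag are hypothetical, and the app is assumed to declare the `QUERY_ALL_PACKAGES` permission.

```kotlin
// Added example (hypothetical helper, not from trustdevice-android).
// Assumes the manifest declares android.permission.QUERY_ALL_PACKAGES;
// without it, Android 11+ filters the list by package-visibility rules
// and the counts would understate what is installed in this profile.
import android.content.Context
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.os.Build
import android.os.Process
import android.os.UserManager
import android.util.Log

data class VisibleApps(
    val userSerial: Long,        // serial number of the profile this copy runs in
    val system: List<String>,    // packages carrying FLAG_SYSTEM
    val nonSystem: List<String>  // everything else, i.e. user-installed apps
)

fun visibleApps(context: Context): VisibleApps {
    val pm = context.packageManager
    // PackageManager answers for the calling user only, so the result is
    // scoped to the profile (Owner or Private Space) the app is installed in.
    val apps = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
        pm.getInstalledApplications(PackageManager.ApplicationInfoFlags.of(0L))
    } else {
        @Suppress("DEPRECATION")
        pm.getInstalledApplications(0)
    }
    val (system, nonSystem) = apps.partition {
        (it.flags and ApplicationInfo.FLAG_SYSTEM) != 0
    }
    val um = context.getSystemService(UserManager::class.java)
    val serial = um.getSerialNumberForUser(Process.myUserHandle())
    return VisibleApps(
        serial,
        system.map { it.packageName }.sorted(),
        nonSystem.map { it.packageName }.sorted()
    )
}

fun logVisibleApps(context: Context) {
    val v = visibleApps(context)
    val total = v.system.size + v.nonSystem.size
    Log.i("ProfileVisibility", "user=${v.userSerial} total=$total nonSystem=${v.nonSystem.size}")
    // A package installed only in the other profile should not appear here.
    v.nonSystem.forEach { Log.i("ProfileVisibility", "  $it") }
}
```

Run a copy installed in Owner and a copy installed in Private Space, then compare the two non-system lists from the logs.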

                      fid02 did u test this with both private spaces locked and unlocked?

                        r134a did u test this with both private spaces locked and unlocked?

                        Private Space was unlocked and active during the whole testing.