[deleted]
Now waiting for email, Private Space , Wasted Space at the moment.
How does Private Spaces isolation compare to secondary user profile?
[deleted]
Got fed up waiting for Google so deleted Private Space.
Upstate1618 Apps in the main profile can still know if you have installed an app in PS (just like work profile)
Are you certain? I was under the impression apps in main profile cannot see what is installed in private space, and certainly can't communicate with apps in private space. And same other way around.
- Edited
So far it seems to be lots of people with impressions & assumptions of how it works (including myself), little in the way of answers from someone who has looked at the code and understands the implementation (at least AFAIK).
@fid02 has done some useful testing from the user perspective, but that can only go so far.
At the very least, the following seems to be true:
ryrona Clipboard is shared between private space and main profile.
There is some means of granting apps access to files in the other profile, in a secure and private fashion, using file picker and similar. Meaning you as user must approve it before the app gets any access at all.
Files can be transferred between profiles in some manner by you as the user, but not by apps.
The default launcher (which can be third-party), if updated to support Private Spaces, can see what apps are installed when the Private Space is unlocked.
App stores in the main profile would at least know they are installing an app into a Private Space.
Probably9857 So far it seems to be lots of people with impressions & assumptions of how it works (including myself), little in the way of answers from someone who has looked at the code and understands the implementation (at least AFAIK).
BTW, this is not meant as a complaint. I know the GrapheneOS devs are busy with more important things.
Probably9857 So far it seems to be lots of people with impressions & assumptions of how it works (including myself), little in the way of answers from someone who has looked at the code and understands the implementation (at least AFAIK).
I intend to do a security audit of the private space functionality before I switch my setup to use that instead of secondary profiles. But it might be months away. I will of course share my findings, if we don't know anything definite before then.
Probably9857 The default launcher (which can be third-party), if updated to support Private Spaces, can see what apps are installed when the Private Space is unlocked.
The settings app in the main profile too. But both of those are privileged apps, they can do many things regular apps cannot. Same with apps that has accessibility permissions granted, and maybe device admin apps too but I don't know.
I don't think regular apps should be able to even see what apps are installed in the private space. I wouldn't expect them to be able to do that, and absolutely not communicate with them in any manner.
Upstate1618 Cloned profile is not the same as private space. Private space is supposed to be a more secure and private version of work profiles. What is your question or why did you link that post?
ryrona imo PS is like work profile and can not provide isolation like separate user does. I don't have any question.
- Edited
Upstate1618 True. Private space is similar to the most secure work profile setup using a device admin app like Shelter that doesn't grant any external party remote access to your phone.
Secondary users are more isolated. For example, private space has clipboard sharing with main profile. That is a weakness secondary users do not have.
13 days later
- Edited
rdns dev here
GrapheneOS Apps can support chaining VPN connections too. None of this is relevant to profiles and is something VPN apps need to provide. Most of these apps focusing on 1 specific thing instead of providing everything users want from a VPN app is because almost none of them are trying to make a high quality Android VPN app.
Successfully nerd-sniped us into implementing chaining in-app! (: It works but it is wonky: https://github.com/celzero/firestack/commit/c60e916feac4e8a74b24b5b4db2880f12115f854
ignoramous Wanted to setup another profile on my phone and another on my tablet but didn't realize would need a new VPN slot for each profile let alone the Private Spaces ( PS ). Damn. Already have a smart TV and a laptop with Mullvad ( soon to be another one ), really don't want to purchase more VPN service.
I hope Mullvad VPN will or is one of the ones that will work with the chaining.