• Off Topic
  • Sandboxed, Fileshuttle, Insular or Work Profiles for Google Play

The few apps I need require Google Play to work.
I started reading about it and found various options to secure privacy min. Fileshuttle, Insular, Work Profiles and Sandboxed (I may have got something wrong).

Which solution is recommended by GrapheneOS?
Is there somewhere a step-by-step instarction on how to do it right?

    Have a look at the the Side of Burritos channel in YouTube. There's lots of helpful GrapheneOS help there.

    I know the channel but I am not sure if what it says is the best possible solution recommended by GrapheneOS.

    mogacy-nadproza0m

    All apps on Android are sandboxed, even in Stock Android. GrapheneOS improves the sandbox. Google Play (GMS) is sandboxed just like other apps. The difference is on GrapheneOS, GMS doesn't have system-level privileges.

    However, even sandboxed apps within a single profile can see a list of other installed apps and can communicate with each other IF both apps consent to communication from the other.

    If there's an app or set of apps you don't trust, you can use them within a separate user profile. GrapheneOS also improves Android's profile isolation.

    I've read GrapheneOS devs on Matrix say work profiles aren't as isolated as user profiles. Also, installing GMS within a work profile sometimes doesn't work as expected.