p338k You're right, not sure how I missed that. Thank you!
Private Space on Android 15 GrapheneOS
- Edited
Killjoy I'm new to GrapheneOS so please forgive me if I'm wrong. I read multiple people here who want to put Google Play/spyware apps in the private space, but doesn't it make more sense to put that in the main profile and then use trusted / open source apps in the private space?
That is what I am going to do. I don't think it make more sense as such; regardless of what profile you put Google Play and their apps in, they cannot see or talk to apps in any other profile. Some prefer to put Google Play and their apps in the private space, because that way they can be shut down by simply locking the private space, so they cannot even track when you use your phone or not. But I prefer to have all privacy sensitive things in the private space, so I can keep that data and those files encrypted and locked away most of the time, in case my device is taken. And that is of course only trusted open source apps. It depends on your use case.
DeletedUser87 not at all, no. The owner profile has the most insight into the other profiles, you can imagine it as an "admin lite".
Apss running in owner profile should not have more permissions than apps running in any other profile. Especially no kind of admin like permissions. This includes Google Play and Google Play Services, which are just regular apps in GrapheneOS without any special permissions.
By installing App Manager from F-Droid, searching for the Settings app and, under activities, lunching the Settings Homepage Activity, I was able to access the full Settings app of the Private Space. If anyone is interested to modify some options that are not currently inside the Private tab of the Owner's settings app, this is a simple workaround.
So at this point I've checked the NFC settings, and surprisingly the bank app that I set as the default for NFC payments in the Owner profile was listed here in the Private Space as the default too, even though it doesn't exist here at all. It is worth to mention that it even has the little icon indicating that it is part of the Private Space. I'm not sure if installing the same bank app also in the Private Space would provide a temporary solution to this, but I might give it a try and write here if it works until an official fix.
Hello,
Actually I have 2 user profiles at GOS: primary, without GSF and secondary, with my banking apps and GSF installed.
Is possible to migrate from this 2 user profiles to only a user profile (main) then install GSF and my banking apps at private spaces then no install GSF at main profile without lost privacy/security or is best to continue using 2 users?
Thanks
GrapheneOS You can have a single Private Space and a single work profile in the Owner user.
Would it be possible to implement not just one, but multiple private spaces for use on GrapheneOS? Would be a game changer, because you could have good usability while still being able to control which apps can talk to and see each other.
TheGodfather It would be possible but would require drastic changes to the user interface. For now, you can use a Private Space alongside a work profile.
Thank you. On that note, how are app communication scopes going along?
4 days later
vagrantly321
turns out that after installing the same bank app also on the private space, in the NFC settings I still see this bank app with the private space little icon but now I see also the same bank app without this icon, which is the one from the Owner profile. So I picked this one without the icon as the default and now the Owner bank app gets picked every time for NFC payments, even with or without the Private Space open. This is great since it solves my problem and I can pay with the phone, I just hope that this workaround or anyway this double app thing (owner + private space) won't stop being visible inside the NFC settings without a proper NFC fix.
Btw In the private space I didn't have to activate the same bank app, somehow it was enough that it is installed for me to see inside the NFC settings the Owner app.
vagrantly321 this! Is super helpful! Hopefully Gos can just surface the settings link in the future so we don't need the extra app but good find!
- Edited
cdflasdkesalkjfkdfkjsdajfd
Yes this is a very good use case that is making using GrapheneOS with good isolation of Google Play Services dependent apps much much more convenient. I can recommend this setup if it fits your threat model. I personally haven't seen any drawbacks from this setup if compared as my previous setup of using a secondary profile. Only huge increase in usability, especially for those ude cases where you have messenger apps with dependency of GSF for notifications. Now you can actually see the notification and not just a generic notification forwarded from the second profile, as before (with the "send notification to current user" setting toggled). No need to constantly switch profiles and authenticate.
I have not tested but this maybe also partly mitigate the annoying AOSP fingerprint bug that in reality only let you have two fingerprints stored. Since you don't need to switch profiles as often it doesn't matter if fingerprint auth doesn't work when switching profiles.
TrustExecutor Thanks, I think I will try. The only thing is if my bank apps are in the private space and private space is unlocked and I loss the device... I think maybe secondary profiles prevent this.
cdflasdkesalkjfkdfkjsdajfd I do not see the issue. You do have a screen lock with a reasonable timeout duration, right? If you do not have a very high threat model then AFU protection is most likely enough. The reboot timer makes sure your phone will be in BFU state long time before Cellebrite and the likes can brute-force your PIN. Especially if you have the timer on something low.
The same scenario you describe can happen if you have your secondary profile active when your phone gets lost. It is practically no difference here.
Can the apps in private space, and specifically GSF know what apps are running or installed at normal space?
@GrapheneOS
Would it be possible to add functionality to install apps to Private Space from the Owner? Like currently possible with secondary users?
That way you could install sandboxed Google play in the owner profile and install apps from the Play store inside the PS, without having install sandboxed Google play in the PS.
cdflasdkesalkjfkdfkjsdajfd
No, see: https://discuss.grapheneos.org/d/16670-private-space-on-android-15-grapheneos/62
Can apps be installed via adb in private space or via copying it from the main profile, like to other users, or the only way to do it is via a store, like Play Store or Aurora?
- Edited
cdflasdkesalkjfkdfkjsdajfd Yes, you can adb install to the private space.
$ adb shell dumpsys user | grep "Private space"
UserInfo{##:Private space: ......## is the userid of your private space.
Then $ adb install --user ## file.apk
Is there a way to do not unlock private space using the fingerprint but configure fingerprint to unlock some apps in private space? I have set private space to be unlocked by password and fingerprint settings to do not be used to unlock the device but when I unlock private space the fingerprint unlock is displayed instead of the keyboard.
Thanks
- Edited
Will the settings on the Private Space be extended like those on the other profiles?
Is data unrecoverable when deleting Private Space as when deleting profiles?
Edit : It seems to be the same with the deletion of data :
All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.
Is data unrecoverable when deleting Private Space as when deleting profiles?
Yes, it's similar to a user profile especially if you set a dedicated lock method but can be reliably deleted even when sharing the lock method with the Owner user, since it still has separate encryption keys and protection. It shouldn't be possible to get the data when Owner is unlocked but the Private Space is not even when the lock method is the same. Reboot is still best to get data back at rest instead of relying on things being zeroed as they should be.