Killjoy I'm new to GrapheneOS so please forgive me if I'm wrong. I read multiple people here who want to put Google Play/spyware apps in the private space, but doesn't it make more sense to put that in the main profile and then use trusted / open source apps in the private space?

That is what I am going to do. I don't think it make more sense as such; regardless of what profile you put Google Play and their apps in, they cannot see or talk to apps in any other profile. Some prefer to put Google Play and their apps in the private space, because that way they can be shut down by simply locking the private space, so they cannot even track when you use your phone or not. But I prefer to have all privacy sensitive things in the private space, so I can keep that data and those files encrypted and locked away most of the time, in case my device is taken. And that is of course only trusted open source apps. It depends on your use case.

DeletedUser87 not at all, no. The owner profile has the most insight into the other profiles, you can imagine it as an "admin lite".

Apss running in owner profile should not have more permissions than apps running in any other profile. Especially no kind of admin like permissions. This includes Google Play and Google Play Services, which are just regular apps in GrapheneOS without any special permissions.

      vagrantly321

      By installing App Manager from F-Droid, searching for the Settings app and, under activities, lunching the Settings Homepage Activity, I was able to access the full Settings app of the Private Space. If anyone is interested to modify some options that are not currently inside the Private tab of the Owner's settings app, this is a simple workaround.

      So at this point I've checked the NFC settings, and surprisingly the bank app that I set as the default for NFC payments in the Owner profile was listed here in the Private Space as the default too, even though it doesn't exist here at all. It is worth to mention that it even has the little icon indicating that it is part of the Private Space. I'm not sure if installing the same bank app also in the Private Space would provide a temporary solution to this, but I might give it a try and write here if it works until an official fix.

          Hello,
          Actually I have 2 user profiles at GOS: primary, without GSF and secondary, with my banking apps and GSF installed.
          Is possible to migrate from this 2 user profiles to only a user profile (main) then install GSF and my banking apps at private spaces then no install GSF at main profile without lost privacy/security or is best to continue using 2 users?
          Thanks

            GrapheneOS You can have a single Private Space and a single work profile in the Owner user.

            Would it be possible to implement not just one, but multiple private spaces for use on GrapheneOS? Would be a game changer, because you could have good usability while still being able to control which apps can talk to and see each other.

                4 days later

                vagrantly321
                turns out that after installing the same bank app also on the private space, in the NFC settings I still see this bank app with the private space little icon but now I see also the same bank app without this icon, which is the one from the Owner profile. So I picked this one without the icon as the default and now the Owner bank app gets picked every time for NFC payments, even with or without the Private Space open. This is great since it solves my problem and I can pay with the phone, I just hope that this workaround or anyway this double app thing (owner + private space) won't stop being visible inside the NFC settings without a proper NFC fix.
                Btw In the private space I didn't have to activate the same bank app, somehow it was enough that it is installed for me to see inside the NFC settings the Owner app.

                    vagrantly321 this! Is super helpful! Hopefully Gos can just surface the settings link in the future so we don't need the extra app but good find!

                      cdflasdkesalkjfkdfkjsdajfd
                      Yes this is a very good use case that is making using GrapheneOS with good isolation of Google Play Services dependent apps much much more convenient. I can recommend this setup if it fits your threat model. I personally haven't seen any drawbacks from this setup if compared as my previous setup of using a secondary profile. Only huge increase in usability, especially for those ude cases where you have messenger apps with dependency of GSF for notifications. Now you can actually see the notification and not just a generic notification forwarded from the second profile, as before (with the "send notification to current user" setting toggled). No need to constantly switch profiles and authenticate.

                      I have not tested but this maybe also partly mitigate the annoying AOSP fingerprint bug that in reality only let you have two fingerprints stored. Since you don't need to switch profiles as often it doesn't matter if fingerprint auth doesn't work when switching profiles.

                          cdflasdkesalkjfkdfkjsdajfd I do not see the issue. You do have a screen lock with a reasonable timeout duration, right? If you do not have a very high threat model then AFU protection is most likely enough. The reboot timer makes sure your phone will be in BFU state long time before Cellebrite and the likes can brute-force your PIN. Especially if you have the timer on something low.
                          The same scenario you describe can happen if you have your secondary profile active when your phone gets lost. It is practically no difference here.

                            @GrapheneOS
                            Would it be possible to add functionality to install apps to Private Space from the Owner? Like currently possible with secondary users?
                            That way you could install sandboxed Google play in the owner profile and install apps from the Play store inside the PS, without having install sandboxed Google play in the PS.

                            cdflasdkesalkjfkdfkjsdajfd
                            No, see: https://discuss.grapheneos.org/d/16670-private-space-on-android-15-grapheneos/62

                                Can apps be installed via adb in private space or via copying it from the main profile, like to other users, or the only way to do it is via a store, like Play Store or Aurora?

                                  cdflasdkesalkjfkdfkjsdajfd Yes, you can adb install to the private space.

                                  $ adb shell dumpsys user | grep "Private space"
  UserInfo{##:Private space: ......

                                  ## is the userid of your private space.

                                  Then $ adb install --user ## file.apk

                                    Is there a way to do not unlock private space using the fingerprint but configure fingerprint to unlock some apps in private space? I have set private space to be unlocked by password and fingerprint settings to do not be used to unlock the device but when I unlock private space the fingerprint unlock is displayed instead of the keyboard.
                                    Thanks

                                    Will the settings on the Private Space be extended like those on the other profiles?

                                    Is data unrecoverable when deleting Private Space as when deleting profiles?

                                    Edit : It seems to be the same with the deletion of data :

                                    All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.

                                      Hat

                                      Is data unrecoverable when deleting Private Space as when deleting profiles?

                                      Yes, it's similar to a user profile especially if you set a dedicated lock method but can be reliably deleted even when sharing the lock method with the Owner user, since it still has separate encryption keys and protection. It shouldn't be possible to get the data when Owner is unlocked but the Private Space is not even when the lock method is the same. Reboot is still best to get data back at rest instead of relying on things being zeroed as they should be.

                                        We strongly recommend it as a replacement for a work profile managed by a local profile admin app. It has better OS integration and isolation.

                                        I am really struggling to understand the messaging here. I generally think of "integration" and "isolation" as generally diametrically opposed. I like how existing profiles are completely separate. I don't want any possibility of data leakage between/across them. Are you using "work profile" as a general term for any secondary profile (meaning one connected to a dayjob, etc) or is that something else?

                                        @GrapheneOS What exactly would be the benefit of deleting my secondary profiles and recreating them as Private Spaces within the Owner Profile? What are the precise differences between these two feature sets?I'm sure I'm not the only one wondering this. A simple page in the docs would be greatly appreciated once this feature has matured a bit more.

                                        Thanks for all you do.