GrapheneOS Are there any good use cases to using user profiles now that Private Spaces is out? I'd like to know the pros and cons.
Private Space on Android 15 GrapheneOS
GrapheneOS GrapheneOS users choose to use the OS in different ways. A lot of people largely use open source apps and not sandboxed Google Play. Others use sandboxed Google Play in their main profile. Many use sandboxed Google Play in a dedicated profile to choose which apps use it.
Hi, could you please better explain "not sandboxed" google play store? I know that any google softwares in GrapheneOS run sandboxed and without elevated privileges, so non sandboxed play store is confusing me.
Thanks
yore You can have a single Private Space and a single work profile in the Owner user. It's worth noting that the Private Space clipboard is currently shared, but we can likely add a toggle for this fairly easily.
ototufu We were referring to people who don't use sandboxed Google Play. There is no such thing as Google Play outside of the standard app sandbox on GrapheneOS.
Hey, sorry english is not my first language and I am sorry in advance for poor wording. First of all, thank you for the A15 update and I really appreciate the work done in past few days by all devs. I am really liking the new Private Space feature and planning to replace 'Payments', one of my secondary profile with it which I use most.
My bank applications requires Play services, so I had to install them in a separate secondary profile. I tried out the Private Space with one of my bank app and play services installed in Private Space, it failed. Reason : My bank application verifies mobile number by sending an SMS from the registered mobile number to their server. But, as there is no SMS application installed in Private Space, I tried Fossify SMS from playstore, it installed but refused to open.
Request : Could you please add AOSP SMS/Messages application in Private Space as you have already added other GOS apps.
An idea on how to utilize them: If you want to edit a file, but don't leave any remnants or trace of it afterwards, until now you'd have to erase the whole user profile the file was saved in. Doing that with a private space should be much easier, but provide a similar level of protection against threat actors which might get access to your device after the fact.
- Edited
@GrapheneOS How does the security of the isolation between different user profiles compare to the isolation of a private space inside a user profile?
Just a warning for pixel 6 owners, several redditors with pixel 6 had their phones bricked after enabling private spaces on stock pixel os.
https://old.reddit.com/r/GooglePixel/comments/1g8cucs/pixel_6_bricked_after_enabling_private_space/
hi,
I currently have the problem that I cannot reinstall protonvpn in Private Space. It does not install via F-Droid and APK and Aurora Store report package conflicts (although I had temporarily uninstalled the app in the main profile). Is there a way to route the traffic from Private Space through my VPN in the main profile?
Thanks in advance.
randallont no problem here with my pixel 6 pro and GOS Android 15 beta/stable.
fxnn It's similar, but they run within the same overall SystemUI and also have a shared clipboard. We can likely easily add a toggle for isolated clipboard but it's still less separate than users due to shared UI. We haven't checked exactly how an accessibility service in Owner interacts with a Private Space, but that's one example of a case where it would be much less isolated.
It doesn't look like users other than Owner can create Private Spaces. I only use the Owner for app installation and updates and everything else happens in a main user profile. Would it be possible to add Private Space functionality to non-Owner users?
@randallont The claim on Reddit is unsubstantiated and doesn't make any sense. The described symptoms are a low level hardware failure that's not possible to trigger with software bugs alone. There is no real risk of bricking the phone at a low level using Private Space. It could trigger OS bugs but it's not going to break the hardware, and we haven't seen any indication of any kind of corruption or other issue triggered by it anywhere. News organizations spreading unsubstantiated and unverified claims based on anecdotes on social media are irresponsible spam sites.
Hawk_Tuah F-Droid incorrectly reuses app ids for their own builds signed with their own keys. You can't install multiple variants of an app with the same app id such as app.organicmaps
from the Play Store and app.organicmaps
from F-Droid in separate profiles because the OS enforces key pinning across profiles. Each variant of an app SHOULD have a separate app id such as how our Play Store releases of our apps use a suffix (app.grapheneos.camera.play
instead of app.grapheneos.camera
). You're likely trying to install different variants from what you have elsewhere. The version also has to be equal or greater than what you already have installed. It works the same as a work profile or user profile in this regard.
Hawk_Tuah
fortunately it seems to be a rare occurrence similar to the android 14 storage bug with multi users that only effected some pixel 6 devices.
Carpool7341 It would be possible but we don't know how complex it would be to add support for it.
randallont The described symptoms are a hardware failure, not data corruption. GrapheneOS was not impacted by those series of data corruption bugs due to having newer kernel LTS revisions with the patches for them. We've also avoided shipping any serious data corruption regressions impacting any significant number of users in the newer kernel LTS revisions, which is something we're always worried about. The LTS kernel revisions have very poor testing and the f2fs changes scare us. We're cautious about them.
- Edited
@GrapheneOS Is it possible to install apps into private space from the personal space as described here:
https://support.google.com/android/answer/15341885?hl=en
In “All Apps:”
- Touch and hold an app.
- Tap Install app in Private space.
- To complete the installation, follow instructions on the installer app.
- The new instance of the app is installed. The previous instance isn’t copied or modified.
I wasn't able to find "Install app in Private space". If this isn't possible rn, is there another way to install apps into private space from personal space?
GrapheneOS I had uninstalled protonvpn again, cleared aurorastore and droid-ify cache and memory and tried to install protonvpn in the main profile via aurorastore. Again, it still gives “Conflict with existing package INSTALL_FAILED_UPDATE_INCOMPATIBLE: Existing package ch.protonvpn.android signatures do not match newer version;ignoring”
Is there a way to delete the old signatures?