TrustExecutor Thanks, I think I will try. The only thing is if my bank apps are in the private space and private space is unlocked and I loss the device... I think maybe secondary profiles prevent this.
Private Space on Android 15 GrapheneOS
cdflasdkesalkjfkdfkjsdajfd I do not see the issue. You do have a screen lock with a reasonable timeout duration, right? If you do not have a very high threat model then AFU protection is most likely enough. The reboot timer makes sure your phone will be in BFU state long time before Cellebrite and the likes can brute-force your PIN. Especially if you have the timer on something low.
The same scenario you describe can happen if you have your secondary profile active when your phone gets lost. It is practically no difference here.
Can the apps in private space, and specifically GSF know what apps are running or installed at normal space?
@GrapheneOS
Would it be possible to add functionality to install apps to Private Space from the Owner? Like currently possible with secondary users?
That way you could install sandboxed Google play in the owner profile and install apps from the Play store inside the PS, without having install sandboxed Google play in the PS.
cdflasdkesalkjfkdfkjsdajfd
No, see: https://discuss.grapheneos.org/d/16670-private-space-on-android-15-grapheneos/62
Can apps be installed via adb in private space or via copying it from the main profile, like to other users, or the only way to do it is via a store, like Play Store or Aurora?
- Edited
cdflasdkesalkjfkdfkjsdajfd Yes, you can adb install to the private space.
$ adb shell dumpsys user | grep "Private space"
UserInfo{##:Private space: ......## is the userid of your private space.
Then $ adb install --user ## file.apk
Is there a way to do not unlock private space using the fingerprint but configure fingerprint to unlock some apps in private space? I have set private space to be unlocked by password and fingerprint settings to do not be used to unlock the device but when I unlock private space the fingerprint unlock is displayed instead of the keyboard.
Thanks
- Edited
Will the settings on the Private Space be extended like those on the other profiles?
Is data unrecoverable when deleting Private Space as when deleting profiles?
Edit : It seems to be the same with the deletion of data :
All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.
Is data unrecoverable when deleting Private Space as when deleting profiles?
Yes, it's similar to a user profile especially if you set a dedicated lock method but can be reliably deleted even when sharing the lock method with the Owner user, since it still has separate encryption keys and protection. It shouldn't be possible to get the data when Owner is unlocked but the Private Space is not even when the lock method is the same. Reboot is still best to get data back at rest instead of relying on things being zeroed as they should be.
We strongly recommend it as a replacement for a work profile managed by a local profile admin app. It has better OS integration and isolation.
I am really struggling to understand the messaging here. I generally think of "integration" and "isolation" as generally diametrically opposed. I like how existing profiles are completely separate. I don't want any possibility of data leakage between/across them. Are you using "work profile" as a general term for any secondary profile (meaning one connected to a dayjob, etc) or is that something else?
@GrapheneOS What exactly would be the benefit of deleting my secondary profiles and recreating them as Private Spaces within the Owner Profile? What are the precise differences between these two feature sets?I'm sure I'm not the only one wondering this. A simple page in the docs would be greatly appreciated once this feature has matured a bit more.
Thanks for all you do.
strict-marsh Work profiles are exactly what it sounds like - a separate profile that runs side by side with the owner. Usually these will be created by an app like Shelter or Insular. They offer the least isolation compared to Private Space and secondary user profiles, but are probably the most convenient due to the amount of integration in the settings.
strict-marsh What exactly would be the benefit of deleting my secondary profiles and recreating them as Private Spaces within the Owner Profile?
Note that at present there is only one Private Space, associated with the sole owner profile. Secondary profiles are not the same thing as work profiles, so if you are using secondary profiles at present the recommendation to switch from a work profile to Private Space is not applicable.
Why Private Space unlock requires password only first time that's unlocked and no every time?
cdflasdkesalkjfkdfkjsdajfd APKExtractor I was able to easily copy any app just install in owner profile with a 1-click share to the private space download folder.
- Edited
missing-root how to disable the system clipboard if I use Florisboard clipboard? Thank you.
UndercoverBozo is accessible the private space download folder from the normal space?
cdflasdkesalkjfkdfkjsdajfd is accessible the private space download folder from the normal space?
No. Its actually quite frustrating to move files between.
- Edited
secrec you can use LocalSend to send files BTW normal and privacy spaces. It's working very well.
But if it's not visible, I do not understand the answer from UndercoverBozo ...
strict-marsh What exactly would be the benefit of deleting my secondary profiles and recreating them as Private Spaces within the Owner Profile?
The advantage of "private space" over a secondary profile is the fact that the two profiles can be used simultaneously rather than needing to go through the cumbersome process of switching between them.