Private Space on Android 15 GrapheneOS

Skyway

There's a lot of posts here sorry if this was asked.
Is there a way to have private space auto start when device is unlocked? Or prompt to unlock private space?

chisc

Skyway You can choose to change the 'Lock private space automatically' private space setting to 'Only after device restarts'.

With that setting, you'll only need to unlock it once after boot, switch to an inactive user profile, or if you ever manually lock it.

Panda-na

I have noticed that having an active VPN in Private Space, while using apps in owner profile, increases the accumulated data in the Private Space VPN (meaning that apps in owner profile goes through the Private Space VPN). I'm using Proton VPN, and the VPN is not active in owner profile, only in Private Space. I can't see anyone else having this issue. Is it only me?

Proton VPN
Private DNS is: Off
2025080400

From GrapheneOS website:

Android VPN configuration is split up for each profile which means work profiles, Private Spaces and secondary users have their own VPN configuration which is a fantastic privacy feature. Android has a standard restriction preventing processes from using a network which the current profile isn't allowed to access. However, this doesn't take multicast packets into account and it's possible to send multicast packets via VPN tunnels belonging to a different profile. GrapheneOS addresses this by extending the standard netfilter configuration with a multicast firewall preventing sending packets through a VPN tunnel which a process isn't supposed to be able to access.

GrapheneOS closes a hole in Android's eBPF-based firewall system which made it possible to bypass the VPN by specifying a specific interface with a special system call.

Probably9857

Panda-na I have noticed that having an active VPN in Private Space, while using apps in owner profile, increases the accumulated data in the Private Space VPN (meaning that apps in owner profile goes through the Private Space VPN).

How did you determine this? How do you know it wasn't one or more apps in the private space running in the background?

Panda-na

Probably9857 Because I only have one app in the Private Space (not counting Proton VPN), and I have disable backround activity for that app, so it does not send any data when not actively used.

Also, in the notification center (swiping down from the top), the Ptotn VPN notification has an active data usage counter. If I start a video stream or download/upload a big file from apps in owner profile, I can see the data counter increasing accordingly. So it is very visible.

Probably9857

Panda-na

There are system apps in the Private Space too...

But what you describe with the video download does indeed seem suspicious. I'll be interested to hear what others think could be going on there.

Probably9857

Panda-na

If you check your external IP address from owner profile, does it give you a Proton server, or your real IP?

That would be pretty definitive if it gave you a Proton address.

Panda-na

Probably9857 Yes, I have already done that. It shows my real IP in Vanadium (in owner profile), and my VPNs IP in Vanadium in Private Space.

So my suspicion is that this is just some DNS bug or something.

Probably9857

Panda-na

Hard to say. It could be a bug in the recent VPN lockdown changes, or maybe an upstream bug. Or maybe there is some logical explanation we haven't thought of yet.

If I have time, maybe I'll try to reproduce later (w/ Mullvad).

Panda-na

Probably9857 I have seen the big increase in data usage (bacue of woner profile use) for a while, so I don't know when this problem appeared, unfortunately.

For a period I used a private DNS while using the VPN (which I know is really not recommended). Then I saw the same thing (or rather, I saw that the data counter for Proton VPN did not count any data when Private DNS was active).

roamer4223

@Panda-na @Probably9857

I believe that ProtonVPN's notification that displays data usage will display all data used by the phone regardless of whether it is used by the profile/VPN in question or another profile or private space.

There is a technical explanation for this which unfortunately I am not qualified to give. It is vaguely something to do with the fact that active VPN apps have access to the data usage of the whole phone and ProtonVPN have not set up their data usage monitor to account for the fact there may be other profiles/spaces and so just show the entire phone's data usage.

I apologise if I got anything wrong there or just generally butchered the explanation. Perhaps someone with a better understanding of this will explain better

Probably9857

roamer4223

That would make sense. Seems much more likely than a major VPN bug.

Probably9857

@Panda-na

You could try using Proton in both owner and PS, see if they both show the same data usage.

roamer4223

Probably9857 @Panda-na

Yes you can prove it with this test, just bear in mind - if the VPNs do not start running at the same time, their total usage counter will show different amounts, but you can tell that the current data usage being counted/reported is the same.

If you try something that uses a lot of data in one profile, you will see both counters in each profile/space increase by the same amount

« Previous Page