GrapheneOS fully supports the Private Space feature in Android 15, which is essentially a separate user nested inside of the Owner user.

We strongly recommend it as a replacement for a work profile managed by a local profile admin app. It has better OS integration and isolation.

Private Space is an isolated workspace (profile) for apps and data similar to both user profiles and work profiles. All 3 forms of profiles also have entirely separate VPN configuration, which is very useful even if you're connected to the same VPN, since exit IPs can be separate.

All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.

Private Space makes it easier to share data than users. The clipboard is shared, but we could add a setting for it.

GrapheneOS users choose to use the OS in different ways. A lot of people largely use open source apps and not sandboxed Google Play. Others use sandboxed Google Play in their main profile. Many use sandboxed Google Play in a dedicated profile to choose which apps use it.

Regardless of how people choose to use sandboxed Google Play, they're regular sandboxed apps without special access. Private Space makes it easier to use a dedicated profile for sandboxed Google Play though.

It's also worth noting you can still use a work profile alongside it.

All of our features including Contact Scopes, Storage Scopes and sandboxed Google Play have full support for Private Space. We added support for it significantly before the release of Android 15, even before the initial early release of the source code was published in September.


Social media threads:

Mastodon: https://grapheneos.social/@GrapheneOS/113351721569189227
Bluesky: https://bsky.app/profile/grapheneos.org/post/3l74cuxsgee2x
X: https://x.com/GrapheneOS/status/1848744438568263956

    GrapheneOS Are there any good use cases to using user profiles now that Private Spaces is out? I'd like to know the pros and cons.

      GrapheneOS GrapheneOS users choose to use the OS in different ways. A lot of people largely use open source apps and not sandboxed Google Play. Others use sandboxed Google Play in their main profile. Many use sandboxed Google Play in a dedicated profile to choose which apps use it.

      Hi, could you please better explain "not sandboxed" Google Play Store? I know that any Google software in GrapheneOS runs sandboxed and without elevated privileges, so non-sandboxed Play Store is confusing me.
      Thanks

        yore You can have a single Private Space and a single work profile in the Owner user. It's worth noting that the Private Space clipboard is currently shared, but we can likely add a toggle for this fairly easily.

          Hey, sorry, English is not my first language and I am sorry in advance for poor wording. First of all, thank you for the A15 update and I really appreciate the work done in the past few days by all devs. I am really liking the new Private Space feature and planning to replace 'Payments', one of my secondary profiles which I use most, with it.

          My bank applications require Play services, so I had to install them in a separate secondary profile. I tried out the Private Space with one of my bank apps and Play services installed in Private Space, and it failed. Reason: My bank application verifies the mobile number by sending an SMS from the registered mobile number to their server. But, as there is no SMS application installed in Private Space, I tried Fossify SMS from the Play Store; it installed but refused to open.

          Request: Could you please add the AOSP SMS/Messages application in Private Space, as you have already added other GOS apps?

            An idea on how to utilize them: If you want to edit a file, but don't leave any remnants or trace of it afterwards, until now you'd have to erase the whole user profile the file was saved in. Doing that with a private space should be much easier, but provide a similar level of protection against threat actors which might get access to your device after the fact.

            @GrapheneOS How does the security of the isolation between different user profiles compare to the isolation of a private space inside a user profile?

              hi,
              I currently have the problem that I cannot reinstall protonvpn in Private Space. It does not install via F-Droid and APK and Aurora Store report package conflicts (although I had temporarily uninstalled the app in the main profile). Is there a way to route the traffic from Private Space through my VPN in the main profile?

              Thanks in advance.

                fxnn It's similar, but they run within the same overall SystemUI and also have a shared clipboard. We can likely easily add a toggle for isolated clipboard but it's still less separate than users due to shared UI. We haven't checked exactly how an accessibility service in Owner interacts with a Private Space, but that's one example of a case where it would be much less isolated.

                It doesn't look like users other than Owner can create Private Spaces. I only use the Owner for app installation and updates and everything else happens in a main user profile. Would it be possible to add Private Space functionality to non-Owner users?

                  @randallont The claim on Reddit is unsubstantiated and doesn't make any sense. The described symptoms are a low level hardware failure that's not possible to trigger with software bugs alone. There is no real risk of bricking the phone at a low level using Private Space. It could trigger OS bugs but it's not going to break the hardware, and we haven't seen any indication of any kind of corruption or other issue triggered by it anywhere. News organizations spreading unsubstantiated and unverified claims based on anecdotes on social media are irresponsible spam sites.

                  Hawk_Tuah F-Droid incorrectly reuses app ids for their own builds signed with their own keys. You can't install multiple variants of an app with the same app id such as app.organicmaps from the Play Store and app.organicmaps from F-Droid in separate profiles because the OS enforces key pinning across profiles. Each variant of an app SHOULD have a separate app id such as how our Play Store releases of our apps use a suffix (app.grapheneos.camera.play instead of app.grapheneos.camera). You're likely trying to install different variants from what you have elsewhere. The version also has to be equal or greater than what you already have installed. It works the same as a work profile or user profile in this regard.
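The rule described in the reply above (one app id must carry the same signing key in every profile, and the version must be equal or greater), modelled as an added example that is not part of the thread and is not GrapheneOS or Android code. It parses text in the output format of `aapt dump badging` and `apksigner verify --print-certs`; the digests, version numbers and the `app.organicmaps.variant` id are constructed, and signing key rotation is not modelled.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ApkInfo:
    app_id: str
    version_code: int
    signers: frozenset  # SHA-256 digests of the signing certificates


def parse_apk_info(badging: str, certs: str) -> ApkInfo:
    """Parse `aapt dump badging` and `apksigner verify --print-certs` text."""
    pkg = re.search(r"^package: name='([^']+)' versionCode='(\d+)'", badging, re.M)
    digests = re.findall(r"certificate SHA-256 digest: ([0-9a-fA-F]{64})", certs)
    if not pkg or not digests:
        raise ValueError("missing package line or signer digest")
    return ApkInfo(pkg.group(1), int(pkg.group(2)),
                   frozenset(d.lower() for d in digests))


def check_install(installed, candidate: ApkInfo) -> str:
    """Simplified model: `installed` holds packages from ALL profiles."""
    for pkg in installed:
        if pkg.app_id != candidate.app_id:
            continue  # a different app id never conflicts
        if pkg.signers != candidate.signers:
            return "SIGNER_MISMATCH"  # same app id, different signing key
        if candidate.version_code < pkg.version_code:
            return "DOWNGRADE"  # version must be equal or greater
    return "OK"


def sample(app_id: str, version: int, digest: str) -> ApkInfo:
    """Build constructed tool output and parse it (no real APK involved)."""
    badging = f"package: name='{app_id}' versionCode='{version}' versionName='x'\n"
    certs = ("Signer #1 certificate DN: CN=constructed\n"
             f"Signer #1 certificate SHA-256 digest: {digest}\n")
    return parse_apk_info(badging, certs)


KEY_A, KEY_B = "aa" * 32, "bb" * 32  # constructed digests, not real keys
owner_profile = [sample("app.organicmaps", 100, KEY_A)]  # already installed

if __name__ == "__main__":
    for cand in (sample("app.organicmaps", 120, KEY_B),          # other signer
                 sample("app.organicmaps", 90, KEY_A),           # older build
                 sample("app.organicmaps", 100, KEY_A),          # same build
                 sample("app.organicmaps.variant", 1, KEY_B)):   # hypothetical id
        print(cand.app_id, cand.version_code, check_install(owner_profile, cand))
```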

                    Hawk_Tuah
                    Fortunately it seems to be a rare occurrence, similar to the Android 14 storage bug with multiple users that only affected some Pixel 6 devices.

                      randallont The described symptoms are a hardware failure, not data corruption. GrapheneOS was not impacted by that series of data corruption bugs due to having newer kernel LTS revisions with the patches for them. We've also avoided shipping any serious data corruption regressions impacting any significant number of users in the newer kernel LTS revisions, which is something we're always worried about. The LTS kernel revisions have very poor testing and the f2fs changes scare us. We're cautious about them.

                      @GrapheneOS Is it possible to install apps into private space from the personal space as described here:

                      https://support.google.com/android/answer/15341885?hl=en

                      In “All Apps:”

                      1. Touch and hold an app.
                      2. Tap Install app in Private space.
                      3. To complete the installation, follow instructions on the installer app.
                      4. The new instance of the app is installed. The previous instance isn’t copied or modified.

                      I wasn't able to find "Install app in Private space". If this isn't possible rn, is there another way to install apps into private space from personal space?

                        d0ckR

                        If there is no SMS app and possibly no phone app in the private profile, what about apps that ask for phone permission?

                        Will those apps still be able to read the SIM card's phone number if phone permission is granted?