IcyScroll Private space can still access localhost so you could share the vpn apk file with a http server app in the Owner profile and then open it in the private space with vanadium (with wifi/internet disabled).
Private Space on Android 15 GrapheneOS
Hmm
Also can app in the owner profile see what apps I have in Provate Space?
- Edited
@GrapheneOS Could you please give an option to hide that +Install button in the private space. It doesn't need to always be there. Its not there in the main profile or work profiles either. You just open the app store of choice to install apps. Also, if i use aurora store for example and press the + sign i can't select it.
I have installed Google related apps, banking apps, and WireGuard in my private space.
I am very happy to have all of my invasive apps together in a tightly isolated space.
I have nothing but gratitude for the GrapheneOS developers.
I will be donating money to the cause.
I hope that someday there will be the ability to impose restrictions on clipboard sharing.
Thank you.
Hb1hf damn you might be right... I give it a try
- Edited
I can't tell whether apps (including Sandboxed Google Play) in the Owner Profile can see those in the Private Space and vice versa.
But apparently you can not only work with two different Google accounts ( if your setup requires Google Play in Owner Profile and Private Space) Google also seems to encourage this:
Since private space is a completely separate space and profile on your device, it doesn’t automatically read the accounts in your main space. You need to sign-in to any accounts you want to use in private space, even if they’re already signed-in on the device. If you sign in to your private space with a Google Account that you use on your main space or any other device, some data will be available outside your private space. This includes data such as: Synced photos, files, emails, contacts, calendar events, and other data.
App download history and recommendations.
Browsing history, bookmarks, and saved passwords.
Suggested content related to your activity in private space apps.
To help prevent these kinds of unexpected leaks to your main space, it’s recommended you use a dedicated Google Account for your private space that hasn’t been signed in elsewhere.
source: https://support.google.com/android/answer/15341885#different_google_account
Hawk_Tuah You safed my day dude, I really forgot about the fact that I have 2 more profiles with protonvpn on my phone. Makes sense and now it works everything as intended. Thank you so much!
Best regards
The setup page for PS says, at least in Google stock OS: "Anyone that connects your device to a computer or installs harmful apps on your device may be able to access your private space". This doesn't occurs with separate profiles, that are not accessible from apps. Seems that PS is less secure than to have separate profiles, no?
Private Space is for sure the coolest feature in Android 15. I love it!
It would be so cool to have the ability of having multiple Private Spaces in owner, I hope we will get that one day.
And I just noticed that I can't install PWAs in PS, that sucks :(
IcyScroll you can use this app:
https://github.com/MateusRodCosta/Share2Storage
And this app
https://github.com/ghmxr/apkextractor
And then extract and copy APK files locally. But yeah, not possible for initial setup.
Also may be more restricted than a work profile
Until then, you can use florisboard and its internal clipboard only. Not shared with any app
- Edited
cdflasdkesalkjfkdfkjsdajfd If you keep it locked, it's as safe as a separate user profile. But you won't be getting notifications. It's another tool, not a replacement.
And in case something goes spectacularly wrong, like someone starting a screen record on Owner, they could see what you're doing in private space, but at this point, you have other problems.
As I see it, currently user profiles have the following security related advantages:
- separate view (I think GrapheneOS mentioned they still investigate this area: accessibility apps, autofill apps, etc.)
- separate clipboard (for now, but GrapheneOS is working on disable option)
- ability to lock and still send notifications (with Graphene's forwarding)
- you can have many of them
I'll move gov-id app and phone carrier app there, as they don't need notifications, and keep it locked. Maybe separate passwords manager and notes apps, with less used, but extra valuable stuff.
From time to time GrapheneOS mentions they work on fast user profile switching, I'm still counting on this.
@GrapheneOS Installing apps in Private Space using Google Playstore grants "Network" permission by default. Is this a bug?
Upstate1618 Can apps in Private Space know what apps I have in the owner profile, or vice versa?
Murcielago I can't tell whether apps (including Sandboxed Google Play) in the Owner Profile can see those in the Private Space and vice versa.
Upstate1618 Also can app in the owner profile see what apps I have in Provate Space?
They can't. As per https://xcancel.com/GrapheneOS/status/1848750760252620814#m
Quote:
Apps can't communicate between the Owner user profile and the nested Private Space other than the clipboard. We could add a setting to control the shared clipboard though.
Can also use apps to test whether they can see apps in other profiles. I did a non-academic experiment: https://discuss.grapheneos.org/d/15729-how-does-private-spaces-isolation-compare-to-secondary-user-profile/68
Also keep in mind that GrapheneOS wrote in the first post in this thread that apps in Private Space are regular sandboxed apps.
daycare-escapee Installing apps in Private Space using Google Playstore grants "Network" permission by default. Is this a bug?
Could you please share more details and clarify what you mean? Such as whether or not you are explicitly denying them network permission in the Install dialogue?
fid02 I kicked off installation of a bunch of apps. While the Playstore was in foreground, I was prompted with the Install dialog. However, once I went to Homescreen and the Playstore was no longer in foreground, I wasn't prompted with the Install dialog anymore for the apps that were still being downloaded. Later those apps were installed in the background with "Network" permission allowed.
- Edited
daycare-escapee Later those apps were installed in the background with "Network" permission allowed.
I noticed the same thing using Aurora Store. No popup asking for network permission when installing apps in background in private space.
[deleted]
Pixel 6a
Private space misbehaves so much that I factory re set my phone and now don't use it any more.
I initially enabled private space and loaded in apps, no problem
Set a pin, no problem
Lock private space, no problem
Unlock private space and no apps show in the private space screen, however taping the space launches apps. From now on private space is always blank... including GrapheneOS apps. tried hiding and un-hiding private space to no avail, all the apps including the GrapheneOS apps are not visible but can be tapped and launched, if you can remember where they are. Is this how private space is supposed to operate? I have no idea, but don't think so.
I deleted and reinstalled private space no apps visible.
I factory reset the phone and tried again.. apps visible in private space until I close it and later open it to reveal no apps visible
Now if I use a pass phrase, I cant open Private space, with the correct pass phrase.
Given up.
Factory reset the phone a 3rd time and wont use private space.
Anyone else have this anomaly?
Today i noticed another issue with private space. If you open an app directly after unlocking right when the icon gets visible. The app directly closes after opening. This then keeps happening to all apps untill i lock and unlock the Private space.
Has anybody else seen this?