Private Space on Android 15 GrapheneOS

fid02

Upstate1618 Can apps in Private Space know what apps I have in the owner profile, or vice versa?

Murcielago I can't tell whether apps (including Sandboxed Google Play) in the Owner Profile can see those in the Private Space and vice versa.

Upstate1618 Also can app in the owner profile see what apps I have in Provate Space?

They can't. As per https://xcancel.com/GrapheneOS/status/1848750760252620814#m

Quote:

Apps can't communicate between the Owner user profile and the nested Private Space other than the clipboard. We could add a setting to control the shared clipboard though.

Can also use apps to test whether they can see apps in other profiles. I did a non-academic experiment: https://discuss.grapheneos.org/d/15729-how-does-private-spaces-isolation-compare-to-secondary-user-profile/68

Also keep in mind that GrapheneOS wrote in the first post in this thread that apps in Private Space are regular sandboxed apps.

fid02

daycare-escapee Installing apps in Private Space using Google Playstore grants "Network" permission by default. Is this a bug?

Could you please share more details and clarify what you mean? Such as whether or not you are explicitly denying them network permission in the Install dialogue?

daycare-escapee

fid02 I kicked off installation of a bunch of apps. While the Playstore was in foreground, I was prompted with the Install dialog. However, once I went to Homescreen and the Playstore was no longer in foreground, I wasn't prompted with the Install dialog anymore for the apps that were still being downloaded. Later those apps were installed in the background with "Network" permission allowed.

DeletedUser131

daycare-escapee

daycare-escapee Later those apps were installed in the background with "Network" permission allowed.

I noticed the same thing using Aurora Store. No popup asking for network permission when installing apps in background in private space.

sav

DeletedUser131 I noticed the same thing using Aurora Store. No popup asking for network permission when installing apps in background in private space.

Same here. But I used Aurora Store - not within Private space yet - to update Google Pixel Camera app on Android 15. At install time (with Android 14) I had rejected Network permission.

So why can Google Pixel Camera re-gain Network permission automatically on update, without my knowledge? From own experience, this might be a more general problem outside Private Space.

[deleted]

Pixel 6a

Private space misbehaves so much that I factory re set my phone and now don't use it any more.

I initially enabled private space and loaded in apps, no problem
Set a pin, no problem
Lock private space, no problem
Unlock private space and no apps show in the private space screen, however taping the space launches apps. From now on private space is always blank... including GrapheneOS apps. tried hiding and un-hiding private space to no avail, all the apps including the GrapheneOS apps are not visible but can be tapped and launched, if you can remember where they are. Is this how private space is supposed to operate? I have no idea, but don't think so.
I deleted and reinstalled private space no apps visible.
I factory reset the phone and tried again.. apps visible in private space until I close it and later open it to reveal no apps visible
Now if I use a pass phrase, I cant open Private space, with the correct pass phrase.
Given up.
Factory reset the phone a 3rd time and wont use private space.

Anyone else have this anomaly?

gergb1970

[deleted] I just created the Private Space today and I have the same issue with build 2025021100 on Pixel 6. Every time the Private Space is unlocked all but the lower 5 GOS apps (Files, Gallery, Info, PDF Vie..., Vanadium) are invisible. Also the settings button is missing and the Lock button is only the icon (does not include the word Lock). If I enable and disable Hide Private Space... while it's unlocked, the apps become visible, the settings button returns and the lock button says Lock.

DeletedUser131

Today i noticed another issue with private space. If you open an app directly after unlocking right when the icon gets visible. The app directly closes after opening. This then keeps happening to all apps untill i lock and unlock the Private space.

Has anybody else seen this?

lordiont

DeletedUser131 Yes. Same thing is happening to me. I've been using Private Space with sandboxed Google play services for a couple weeks with no issues.

But recently, there was an update for them via the GOS Apps repo, and during installation there was an error. After that, whenever I unlock the Private Space and try to open any app, it immediately quits. Opening Google Play Store only results in a stuck/indefinite splash screen. I've restarted the phone, but nothing works.

Any ideas?

tilion_silverbow

Can the Google Play Store inside the private space install and update apps outside of it? Like how the Google Play Store on the owner profile can push apps to other profiles and update them, all from that owner profile.

I'm guessing the answer is no, but thought it'd be best to make sure.

GrapheneOS

tilion_silverbow

Can the Google Play Store inside the private space install and update apps outside of it?

No.

Like how the Google Play Store on the owner profile can push apps to other profiles and update them, all from that owner profile.

That's not true. Sandboxed Google Play is a regular sandboxed app and cannot do things across profiles. It has nothing to do with how it works on the stock OS where Google Play are privileged OS components with privileged permissions to interact and operate across profiles among many other things. That is certainly not the case on GrapheneOS.

Packages installed across multiple profiles are shared and updating them in one will update them across the others. That's not specific to any particular installer.

DeletedUser59

Is it possible to use a banks wallet app (other than google wallet/pay) in the private space and make one of the banking cards in that wallet the default one? It is possible in owner and user profiles.

banjon

DeletedUser59 I wanted to move my banking app to the Private space that has Google services installed so I could pay with my phone without switching profiles.

In order to make NFC payments my Swedbank app requires biometric unlock to be enabled on the device. In order to achieve this I had to disable the Use device screenlock and setup new PIN and a fingerprint for the private space. This is a little bit of a drawback because I have to unlock the Private space explicitly whenever I unlock the device even though the Private space is set to be locked only when device restarts. I could live with this if payments worked.

The last thing the app needs to enable contactless payments is to set the Swedbank app as the default payment method and this is where I got stuck. Setting Swedbank app as the default payment app in the NFC settings is not detected by the app, it says it is not the default payment app. Trying to set the same setting through the app results in an "empty button click", the check mark just cannot be set an no error message is thrown. I will try reading the logs later, maybe I will see something.

But it seems that this i a problem of the Private space as the app works fine on a separate profile.

tilion_silverbow

GrapheneOS Thank you for clarifying the distinction!

faxe

GrapheneOS does updating apps in Owner profile also update apps in private space or is that only between profiles?

GrapheneOS

faxe If the apps have the same app id, updating them in one profile updates them in all. Each variant of an app is meant to have a unique app id to avoid signing key conflicts or switching variants if they use the same signing key, etc.

dsdx331

@GrapheneOS Is there any security reason to use different password for private space instead of only screen unlock? It was advised for secondary users.

4nu4b

Is it possible to use Android Auto in the private space?

GrapheneOS

4nu4b You can use it in a secondary user but it probably won't work in the Private Space right now. You would need to try it and see what happens.

Hb1hf

Hawk_Tuah you're welcome. VPN on that thang!

stupidcreature

GrapheneOS Is this issue planned to be worked on whatsoever?
Just personally pitching in that it would revolutionise the way I use GOS as of now, and that probably most of the isolated owner and work second profile users would as well.

Thank you for all of the work.

Takama

I've been using Work (user) profile with GPS and Play store to update the apps installed in both Owner and Work profiles (Owner's had its GPS uninstalled after setting up the untrustworthy apps with no network permission, such as Gboards, Gcam, Speech Recognition & Synthesis, Recorder). Would this be possible in Private Space?

andrej567

Stewart No - only one. See above in the discussion. I thought there will be multiple.

andrej567

Does anybody know if it's possible to lock the private space at given time? All work apps should go to sleep at 18.00. Wakeup in the morning would be more difficult - the unlock requires a password or fingerprint

« Previous Page Next Page »