Upstate1618 Can apps in Private Space know what apps I have in the owner profile, or vice versa?

Murcielago I can't tell whether apps (including Sandboxed Google Play) in the Owner Profile can see those in the Private Space and vice versa.

Upstate1618 Also can app in the owner profile see what apps I have in Provate Space?

They can't. As per https://xcancel.com/GrapheneOS/status/1848750760252620814#m

Quote:

Apps can't communicate between the Owner user profile and the nested Private Space other than the clipboard. We could add a setting to control the shared clipboard though.

Can also use apps to test whether they can see apps in other profiles. I did a non-academic experiment: https://discuss.grapheneos.org/d/15729-how-does-private-spaces-isolation-compare-to-secondary-user-profile/68

Also keep in mind that GrapheneOS wrote in the first post in this thread that apps in Private Space are regular sandboxed apps.

daycare-escapee Installing apps in Private Space using Google Playstore grants "Network" permission by default. Is this a bug?

Could you please share more details and clarify what you mean? Such as whether or not you are explicitly denying them network permission in the Install dialogue?

    fid02 I kicked off installation of a bunch of apps. While the Playstore was in foreground, I was prompted with the Install dialog. However, once I went to Homescreen and the Playstore was no longer in foreground, I wasn't prompted with the Install dialog anymore for the apps that were still being downloaded. Later those apps were installed in the background with "Network" permission allowed.

      daycare-escapee

      daycare-escapee Later those apps were installed in the background with "Network" permission allowed.

      I noticed the same thing using Aurora Store. No popup asking for network permission when installing apps in background in private space.

        • [deleted]

        Pixel 6a

        Private space misbehaves so much that I factory re set my phone and now don't use it any more.

        I initially enabled private space and loaded in apps, no problem
        Set a pin, no problem
        Lock private space, no problem
        Unlock private space and no apps show in the private space screen, however taping the space launches apps. From now on private space is always blank... including GrapheneOS apps. tried hiding and un-hiding private space to no avail, all the apps including the GrapheneOS apps are not visible but can be tapped and launched, if you can remember where they are. Is this how private space is supposed to operate? I have no idea, but don't think so.
        I deleted and reinstalled private space no apps visible.
        I factory reset the phone and tried again.. apps visible in private space until I close it and later open it to reveal no apps visible
        Now if I use a pass phrase, I cant open Private space, with the correct pass phrase.
        Given up.
        Factory reset the phone a 3rd time and wont use private space.

        Anyone else have this anomaly?

          Today i noticed another issue with private space. If you open an app directly after unlocking right when the icon gets visible. The app directly closes after opening. This then keeps happening to all apps untill i lock and unlock the Private space.

          Has anybody else seen this?

            Can the Google Play Store inside the private space install and update apps outside of it? Like how the Google Play Store on the owner profile can push apps to other profiles and update them, all from that owner profile.

            I'm guessing the answer is no, but thought it'd be best to make sure.

              Is it possible to use a banks wallet app (other than google wallet/pay) in the private space and make one of the banking cards in that wallet the default one? It is possible in owner and user profiles.

                tilion_silverbow

                Can the Google Play Store inside the private space install and update apps outside of it?

                No.

                Like how the Google Play Store on the owner profile can push apps to other profiles and update them, all from that owner profile.

                That's not true. Sandboxed Google Play is a regular sandboxed app and cannot do things across profiles. It has nothing to do with how it works on the stock OS where Google Play are privileged OS components with privileged permissions to interact and operate across profiles among many other things. That is certainly not the case on GrapheneOS.

                Packages installed across multiple profiles are shared and updating them in one will update them across the others. That's not specific to any particular installer.

                  GrapheneOS does updating apps in Owner profile also update apps in private space or is that only between profiles?

                    @GrapheneOS Is there any security reason to use different password for private space instead of only screen unlock? It was advised for secondary users.

                    Is it possible to use Android Auto in the private space?

                      faxe If the apps have the same app id, updating them in one profile updates them in all. Each variant of an app is meant to have a unique app id to avoid signing key conflicts or switching variants if they use the same signing key, etc.

                      4nu4b You can use it in a secondary user but it probably won't work in the Private Space right now. You would need to try it and see what happens.

                      GrapheneOS Is this issue planned to be worked on whatsoever?
                      Just personally pitching in that it would revolutionise the way I use GOS as of now, and that probably most of the isolated owner and work second profile users would as well.

                      Thank you for all of the work.

                      I've been using Work (user) profile with GPS and Play store to update the apps installed in both Owner and Work profiles (Owner's had its GPS uninstalled after setting up the untrustworthy apps with no network permission, such as Gboards, Gcam, Speech Recognition & Synthesis, Recorder). Would this be possible in Private Space?

                      Stewart No - only one. See above in the discussion. I thought there will be multiple.

                      Does anybody know if it's possible to lock the private space at given time? All work apps should go to sleep at 18.00. Wakeup in the morning would be more difficult - the unlock requires a password or fingerprint