Pls help to collect inputs (!only) that influence users scheme setup in A15

mmobder

I'm in a process of figuring out what's the proper scheme to organise user profiles and distribute apps. Most of topics I've found here rather suggest particular schemes, mentions specific threats models, so I would like to retract a bit and collect some inputs on profiles specific in GOS that will allow me to figure out desired scheme on my own (while balancing tradeoffs between threats, simplicity and usability).
I would like to avoid recommending specifc setup and scheme here, please!
So can you please contribute by mentioning specific and aspects of following items:

Specifics of Private space:

exists only in Owner profile
doesn't have access to phone and sms (fin apps may fail if they depend on it)
shares clipboard with "outside" (decs are considering to implement a setting for that)

Specifics of non-owner user profiles:

can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)

Specific of switching between profiles:

if to use separate user profile, media will stop if once switch to fin-profile
only 3 profiles can be active at the same time (apps not frozen)

mmobder

anyone, anything?

AlphaElwedritsch

What exactly do you want?
I can't follow you

mmobder

AlphaElwedritsch sorry, I've for some reason I haven't received a notification on last question.

So basically I'm asking to extend the list I've provided in the original post with aspects of functioning Private spaces and User profiles that I've missed to mention.
For example, for Private space I've missed to mention that Bank apps will not be able to use NFC for contactless payments unless you apply a specific workaround involving use of 3rd party app for the config (App manager)

mmobder

AlphaElwedritsch

AlphaElwedritsch What exactly do you want?
I can't follow you

the intention is as it was written in the op is to collect raw inputs about limitations or specifics of both features so anyone can make decision based on their particular needs.
for example, if someone absolutely requires to have bank app to pay via nfc, based on input PS#3 they may not want to use private space, and thus may follow 3 profiles scheme (clean owner, "main", fin)
or if someone doesn't care about bank apps with NFC in PS, but they absolutely have to have 2 separate profiles for non-"main" activities and running notifications from those 2, then due to limitation "switching"#2, they have to chose a scheme where owner profile is used for main activities
etc

mmobder

updated list atm
added #3 for PS: bank apps nfc for private space based on https://discuss.grapheneos.org/d/16670-private-space-on-android-15-grapheneos/118

Specifics of Private space:

exists only in Owner profile
doesn't have access to phone and sms (fin apps may fail if they depend on it)
shares clipboard with "outside" (decs are considering to implement a setting for that)
Bank apps will not be able to use NFC for contactless payments unless you apply a specific workaround involving use of 3rd party app for the config (App manager)

Specifics of non-owner user profiles:

can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)

Specific of switching between profiles:

if to use separate user profile, media will stop if once switch to fin-profile
only 3 profiles can be active at the same time (apps not frozen)

mmobder

Small update

Specifics of Private space:
exists only in Owner profile
doesn't have access to phone and sms (fin apps may fail if they depend on it)
shares clipboard with "outside" (decs are considering to implement a setting for that)

Specific of switching between profiles:
if to use separate user profile, media will stop if once switch to fin-profile
only 3 profiles can be active at the same time (apps not frozen)

mmobder

@banjon calling you into this thread as you've posted some relevant inputs to the ajacent one

banjon I have moved other apps to that environment and they work as expected. I moved my eSIM app (which did not work on separate profile), works fine. Android Auto works (but I only use it for navigation so I cannot comment on other functionality much). What is interesting is that I have an app that uses NFC to open gates and it works fine in Private Space.

I'm collecting here some inputs (latest set is in the msg #7) for those who would like to choose what user scheme (owner+PS, multi-user, etc) is optimal for their case. Do I understand correctly, that for you:

eSIM mgmt app(s) does not work in non-owner profile, but it does work in PS?
Android Auto works in both non-owner profile and PS?
Any limitations on that gate app in either non-owner or PS?

Any other limitation of non-owner or PS that you've noticed so far that can help others to choose?

mmobder

unexpectedly - I can't access local network web resources like in 192.168.0.0/16 (available via Ethernet) from secondary user profile. I can access those only from owner. I get "Your internet access is blocked" in Vanadium. haven't yet found any relevant setting (owner) or forum post.
pls help to resolve

mmobder

Small update

mmobder

Specifics of non-owner user profiles:
can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)
can't enable hotspot (only owner can)
can't enable internet tethering (usb/eth/bt)
(NEW) can't start desktop mode, has to switch to owner and then back

mmobder

Specifics of non-owner user profiles:
can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)
can't enable hotspot (only owner can)
can't enable internet tethering (usb/eth/bt)
(NEW) can't start desktop mode, has to switch to owner and then back

Specific of switching between profiles:
if to use separate user profile, media will stop if once switch to fin-profile
only 3 profiles can be active at the same time (apps not frozen)
tethering that was enabled in Owner profile gets disabled once one switches to another profile
(NEW) connected Bluetooth devices get disconnected

mmobder

Specifics of Private space:
exists only in Owner profile
doesn't have access to phone and sms (fin apps may fail if they depend on it)
(UPD) shares clipboard with "outside" (decs are considering to implement a setting for that), though it may be useful if you need to copy-paste single-use CC number from Revolut, for example

Specifics of non-owner user profiles:
can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)
can't enable hotspot (only owner can)
can't enable internet tethering (usb/eth/bt)
(UPD) can't start desktop mode, unless it was started in Owner, so have to switch to owner and then back. Others have reported it works for them without the switch

looped_around

This is super amazing and helpful to know! Thank you. I've been agonizing over how/where to setup my bluetooth devices, but if they will disconnect on profile switching that's something I hadn't realized. Like I had wanted to run my watch in a separate profile that stayed running because I don't want google play services in my owner profile.

mmobder

looped_around re bluetooth I'm yet to test how smart watches works (if notifications comes to them upon switch).
But as of my headset, it get's disconnected immediately and then it doesn't reliability re-connects. So you can't listed to music while switching back and forth.
For smart watches it may be a different story.
Bluetooth devices are shared across profiles in a way.

Open_Source_Enjoyer

looped_around I don't want google play services in my owner profile.

Can the smartwatch work with play services if they don't have network permission?

mmobder

Specifics of Private space:
exists only in Owner profile
doesn't have access to phone and sms (fin apps may fail if they depend on it)
shares clipboard with "outside" (devs are considering to implement a setting for that), though it may be useful if you need to copy-paste single-use CC number from Revolut, for example

Specifics of non-owner user profiles:
can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)
can't enable hotspot (only owner can)
(UPD) can't disable/enable internet, it's only wifi and airplane mode that can be turned on/off
can't enable internet tethering (usb/eth/bt)
can't start desktop mode, unless it was started in Owner, so have to switch to owner and then back. Others have reported it works for them without the switch

looped_around

Open_Source_Enjoyer I'm still trying to get mine connected but I'm going to say no.

Open_Source_Enjoyer

Update

Specifics of Private space:

exists only in Owner profile
doesn't have access to phone and sms (fin apps may fail if they depend on it)
shares clipboard with "outside" (devs are considering to implement a setting for that), though it may be useful if you need to copy-paste single-use CC number from Revolut, for example

Specifics of non-owner user profiles:

can't install tools like Termux
can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)
can't enable hotspot (only owner can)
(UPD) can't disable/enable internet, it's only wifi and airplane mode that can be turned on/off
can't enable internet tethering (usb/eth/bt)
can't start desktop mode, unless it was started in Owner, so have to switch to owner and then back. Others have reported it works for them without the switch

Specific of switching between profiles:

if to use separate user profile, media will stop if once switch to fin-profile
only 3 profiles can be active at the same time (apps not frozen)
tethering that was enabled in Owner profile gets disabled once one switches to another profile
(UPD) connected Bluetooth devices get disconnected (in my case they don't reliably reconnect) so you can't listen to music or be at a call while switching
If you switch between profiles, you are probably forced to unlock with PIN/Password instead of your fingerprint, which can be a problem if you in public places with strangers/CCTV and therefore don't want to enter your password.

mmobder

Open_Source_Enjoyer you are probably forced to unlock with PIN/Password

in my case it's rather a glitch, so if I see it asks me for a pin for no reason, I swipe from left edge (or press pwr button iff/on) and it comes back to fingerprint

Open_Source_Enjoyer

mmobder in my case it's rather a glitch, so if I see it asks me for a pin for no reason, I swipe from left edge (or press pwr button iff/on) and it comes back to fingerprint

So you never forced to unlock a profile in AFU state with PIN/password when switching between profiles?
For me its a 30-50% chance that i have to do this, and turn the display on/off doesn't help then.

mmobder

Open_Source_Enjoyer its not that frequent in my case, but I do enter it occasionally.