• General
  • Pls help to collect inputs (!only) that influence users scheme setup in A15

I'm in a process of figuring out what's the proper scheme to organise user profiles and distribute apps. Most of topics I've found here rather suggest particular schemes, mentions specific threats models, so I would like to retract a bit and collect some inputs on profiles specific in GOS that will allow me to figure out desired scheme on my own (while balancing tradeoffs between threats, simplicity and usability).
I would like to avoid recommending specifc setup and scheme here, please!
So can you please contribute by mentioning specific and aspects of following items:

Specifics of Private space:

  • exists only in Owner profile
  • doesn't have access to phone and sms (fin apps may fail if they depend on it)
  • shares clipboard with "outside" (decs are considering to implement a setting for that)

Specifics of non-owner user profiles:

  • can't install tools like Termux
  • can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)

Specific of switching between profiles:

  • if to use separate user profile, media will stop if once switch to fin-profile
  • only 3 profiles can be active at the same time (apps not frozen)
25 days later

AlphaElwedritsch sorry, I've for some reason I haven't received a notification on last question.

So basically I'm asking to extend the list I've provided in the original post with aspects of functioning Private spaces and User profiles that I've missed to mention.
For example, for Private space I've missed to mention that Bank apps will not be able to use NFC for contactless payments unless you apply a specific workaround involving use of 3rd party app for the config (App manager)

updated list atm
added #3 for PS: bank apps nfc for private space based on https://discuss.grapheneos.org/d/16670-private-space-on-android-15-grapheneos/118

Specifics of Private space:

  1. exists only in Owner profile
  2. doesn't have access to phone and sms (fin apps may fail if they depend on it)
    shares clipboard with "outside" (decs are considering to implement a setting for that)
  3. Bank apps will not be able to use NFC for contactless payments unless you apply a specific workaround involving use of 3rd party app for the config (App manager)

Specifics of non-owner user profiles:

  1. can't install tools like Termux
  2. can't configure some of system-wide settings like private DNS (can do it for apps that allow it, like Vanadium etc)

Specific of switching between profiles:

  1. if to use separate user profile, media will stop if once switch to fin-profile
  2. only 3 profiles can be active at the same time (apps not frozen)

AlphaElwedritsch

AlphaElwedritsch What exactly do you want?
I can't follow you

the intention is as it was written in the op is to collect raw inputs about limitations or specifics of both features so anyone can make decision based on their particular needs.
for example, if someone absolutely requires to have bank app to pay via nfc, based on input PS#3 they may not want to use private space, and thus may follow 3 profiles scheme (clean owner, "main", fin)
or if someone doesn't care about bank apps with NFC in PS, but they absolutely have to have 2 separate profiles for non-"main" activities and running notifications from those 2, then due to limitation "switching"#2, they have to chose a scheme where owner profile is used for main activities
etc