I saw this app on Accrescent, but I couldn't find a review about it. Can anyone inform me about how secure this method of sharing data between profiles is?

    Dumdum There's a security section in the README here:
    https://github.com/VentralDigital/InterProfileSharing

    From that site:

    Although this App never connects to the Internet, it still requires this permission as its inter-profile communication depends on connecting over localhost (127.0.0.1).

    Okay, so they are exploiting the known security hole that localhost communication is still allowed between user profiles, even though user profiles are not supposed to have any means of communicating with each other, and are supposed to be totally isolated from each other.

    Whenever Google or the GrapheneOS project gets to fix that security hole, that application will likely not function anymore. But until then it should be private, if that is what they are doing.

    You can also use Syncthing-Fork over localhost pretty fine. And yeah, that will likely not be possible anymore soon.

      missing-root
      Which will be a shame. Ideally, GrapheneOS would implement its own feature to do this in a secure manner. Or allow local host connections as an app permission toggle.

      But absent this app there is no real decent way to transfer data between profiles. And there should be.

        For those unsatisfied with localhost solutions, 2x possible alternatives:

        USB-C flash drive, small one kept on keychain for easy access

        Molly/Signal, trusted encrypted Drive app, or similar on each profile needing data transfer

          zzz Molly is not local, you are sucking random donation-paid server resources for your paranoia ;)

          Instead you can use LocalSend over Wi-Fi, this works locally. If you are paranoid, you could also use another Pixel with a Wi-Fi hotspot as the Wi-Fi network. On the go too, can be EOL, all you need is the Wi-Fi antenna, no internet connection. Syncthing-Fork over Wi-Fi too.

          If localhost is blocked, I assume that each profile has a different localhost? No idea though. I don't think there will be a permission.

            missing-root Molly is not local,

            They know that. Hence why they said "For those unsatisfied with localhost solutions".

            you are sucking random donation-paid server resources for your paranoia

            Am I misunderstanding this comment? Molly still uses Signal's servers, not "random donation-paid servers".

              JollyRancher Which will be a shame. Ideally, GrapheneOS would implement its own feature to do this in a secure manner.

              I think the way QubesOS has done it is really neat. It would be wonderful if GrapheneOS had something similar, built-in.

              Until then, I transfer files to my computer and back to the other profile using MTP over USB-C. That avoids exposing the file metadata to the internet or even local network, avoids exposing the files unencrypted to the USB stick, and avoids relying on possibly unaudited third-party apps. I am using my computer to do backups anyway, since GrapheneOS does not support LUKS2 or similar, and thus is pretty useless as a main hub for local backups.

                missing-root
                My recommendations are driven more by the need for simplicity and ease of setup for less technical users.

                My grandparents can comfortably trust and install Signal, or trust and use a USB-C flash drive.
                Less so for localhost + a random app.

                Side question - could one use a localhost solution via native GOS tools only, without trusting a new app? Curious to learn.

                missing-root signal is paid by donations

                Point well taken.
                Agreed that USB-C would be the more socially responsible choice, depending on your usage / volume / feelings about Signal etc.

                  zzz

                  I don't get the grandparents and socially choice thing.

                  Localhost is there, syncthing-fork works well, that other app is also very likely secure.

                  Using a USB flash device means it needs to be unencrypted. Android is incapable of LUKS or other encryption methods for external media.

                  Android is also incapable of wiping a USB device afaik. So overwriting it with /dev/urandom, 0-s or 1-s. So if you use a flashdrive, you use an unencrypted medium and leave traces on it, even when deleting the things.

                  So well, I would say encrypted localhost communication is more secure.

                  I don't use user profiles, I just use the private space and the work profile. There I can just use the native share portal.

                  Android has no native network sharing option afaik. Just Bluetooth.

                  I've tried Inter Profile Sharing, it works very well and you can enable encryption. The app has been designed and tested especially for GrapheneOS according to the developer.

                  In a similar vein, I'm thinking of LocalSend, which is a great app too that I discovered through Josh from Side of Burritos. Your devices just need to be on the same LAN; it uses Multicast DNS to detect your devices on your LAN. There's nothing to configure, and exchanging data between my different devices has never been easier.

                    Xtreix

                    You can also set some LocalSend devices as favourites and allow auto-downloading from them. This makes it easier for sending stuff to user profiles.

                    Inter Profile Sharing dev here (Hello!)

                    ryrona Until then, I transfer files to my computer and back to the other profile using MTP over USB-C. That avoids exposing the file metadata to the internet or even local network, avoids exposing the files unencrypted to the USB stick, and avoids relying on possibly unaudited third-party apps.

                    Just to clarify: Inter Profile Sharing specifically only listens to connections on the local loopback device. Even while your phone is connected to a network, nobody in that same network should be able to connect to it. Furthermore, with encryption enabled not even other applications on the same device will be able to obtain any information on what is being shared.

                    The App has indeed not been audited by a third-party so far (paying for a professional review isn't really reasonable for a hobby project that I mostly wrote for myself). I made sure to thoroughly document and comment the code though, and I welcome anyone to take a look at the code, it's really quite simple. The App has 2000 lines of code, most of which is UI-related boilerplate.

                    For the curious I've picked out the most relevant code-parts here:

                    zzz Side question - could one use a localhost solution via native GOS tools only, without trusting a new app?

                    I didn't find one, but you could instead use KDE Connect. It's not quite as convenient but it gets the job done and should be easier to trust. It even works without any network connection at all if you pair profiles manually via 127.0.0.1.

                    It's totally understandable to question new random apps that pop out of nowhere. Let me know if there are any other concerns I can try to clear up!

                    Cheers
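
The claim in the last post, that the app listens only on the local loopback device, is the kind of thing a socket table can confirm. The following is an added example, not part of the thread or the app's code: it parses a constructed sample in the layout of Linux `/proc/net/tcp` and flags listeners bound outside 127.0.0.0/8. The sample rows, ports and UIDs are made up, and a little-endian CPU is assumed.

```python
import ipaddress

# Constructed sample in the layout of Linux /proc/net/tcp (not captured from a device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10234        0 41001
   1: 00000000:55F0 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10311        0 41002
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000 10234        0 41003
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in the kernel's table


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (IPv4Address, port).

    Assumes a little-endian CPU (ARM64, x86), where the kernel prints the
    32-bit address with its bytes reversed: 0100007F is 127.0.0.1.
    """
    addr_hex, port_hex = field.split(":")
    if len(addr_hex) != 8:
        raise ValueError(f"not an IPv4 endpoint: {field!r}")
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return addr, int(port_hex, 16)


def listeners(table_text):
    """Return (address, port, uid) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue  # blank line, or a connection rather than a listener
        addr, port = decode_endpoint(cols[1])
        found.append((addr, port, int(cols[7])))
    return found


def exposed_listeners(table_text):
    """Listeners reachable from other hosts: anything not bound in 127.0.0.0/8."""
    return [entry for entry in listeners(table_text) if not entry[0].is_loopback]


if __name__ == "__main__":
    for addr, port, uid in listeners(SAMPLE_PROC_NET_TCP):
        scope = "loopback only" if addr.is_loopback else "REACHABLE FROM NETWORK"
        print(f"uid {uid}: {addr}:{port} -> {scope}")
```

IPv6 sockets are listed separately in `/proc/net/tcp6` with 32-hex-digit addresses and are not handled here. A loopback-only listener is still reachable by other apps on the same device, which is the case the app's optional encryption is meant to cover.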