Hi. I was wondering if anyone could help me with a question about the multiple user profiles?

When you make a second user and use the profile for a time, then delete it, what happens to the storage? Is it deleted completely? Is it marked deleted and left on disk? Is it encrypted, or is it still accessible through some sort of data scrape?

What happens to the storage contents once the profile is deleted?

    proph Hello there!

    I would highly recommend reading through the website's FAQ as well as the rest of the documentation.

    For your specific question, this section applies:

    https://grapheneos.org/faq#encryption

    The OS stores a high entropy random value as the Weaver token on the secure element (Titan M on Pixels) and uses it as another input for key derivation. The Weaver token is stored alongside a Weaver key derived by the OS from the password token. In order to retrieve the Weaver token, the secure element requires the correct Weaver key. A secure internal timer is used to implement hardware-based delays for each attempt at key derivation. It quickly ramps up to 1 day delays before the next attempt. Weaver also provides reliable wiping of data since the secure element can reliably wipe a Weaver slot. Deleting a profile will wipe the corresponding Weaver slot and a factory reset of the device wipes all of the Weaver slots. The secure element also provides insider attack resistance preventing firmware updates before authenticating with the owner profile.

    I hope that helps!
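
The Weaver behaviour quoted above, as a toy Python model added here as an example (not GrapheneOS or Titan M code): it shows why a correct password can no longer derive the profile key once the slot is wiped. The names, the PBKDF2/HMAC derivations and the doubling delay schedule are assumptions made for illustration.

```python
import hashlib, hmac, os

class WeaverSlotModel:
    """Toy stand-in for one secure-element slot holding (Weaver key, Weaver token)."""
    def __init__(self):
        self.write(None, None)

    def write(self, key, token):
        self.key, self.token = key, token
        self.failures, self.not_before = 0, 0

    def read(self, key, now):
        if self.token is None:
            raise LookupError("slot wiped")
        if now < self.not_before:
            raise PermissionError("throttled")
        if hmac.compare_digest(key, self.key):
            self.failures = 0
            return self.token
        self.failures += 1
        # Assumed schedule: delay doubles per failure, capped at 1 day (seconds)
        self.not_before = now + min(2 ** self.failures, 86400)
        raise ValueError("wrong key")

    def wipe(self):
        self.write(None, None)

def derive(password, salt):
    # PBKDF2 and the HMAC labels are stand-ins, not the OS's real derivation
    pt = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
    return pt, hmac.new(pt, b"weaver-key", hashlib.sha256).digest()

def final_key(pt, token):
    # The Weaver token is a second input next to the password token
    return hmac.new(token, b"profile-key" + pt, hashlib.sha256).digest()

def create_profile(slot, password, salt):
    pt, wkey = derive(password, salt)
    token = os.urandom(32)  # high entropy random Weaver token
    slot.write(wkey, token)
    return final_key(pt, token)

def unlock(slot, password, salt, now):
    pt, wkey = derive(password, salt)
    return final_key(pt, slot.read(wkey, now))

def outcome(slot, password, salt, now):
    try:
        return unlock(slot, password, salt, now) and "unlocked"
    except (LookupError, PermissionError, ValueError) as exc:
        return str(exc)
```

In this model, data encrypted under the profile key stays on disk as ciphertext after `wipe()`, but the key can no longer be derived because one of its inputs is gone.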

      matchboxbananasynergy

      That is a great read, thank you.
      If I understood it correctly, each profile has its own encryption and everything in the profile is encrypted on disk at rest. When the profile is deleted, though, is the data simply left encrypted and the keys discarded, or is it actually purged with random 1s and 0s?
      Also, if there is no PIN or security given to the user profile, does it still get encrypted with a random key or something of the sort?
      Thank you!