How to install apps with multiple profiles in mind?

qdf5bun0

I'm new to Graphene OS and despite trying to read up on a lot of tutorials on how profiles work and how the different app stores work, I'm still a bit confused. My threat model is basically to do my best to reasonably prevent Google/apps from collecting unnecessary data about me and selling to advertisers. I'm not a cyber criminal/journalist/etc. so I don't really need anything beyond that.

From what I understand, my ideal setup is as follows:

Admin: The admin profile which I never install or use anything in
FOSS: Install apps via: 1) Obtainium (If on GitHub), 2) Neo Store (If not on GitHub)
Aurora: All the apps I can install via Aurora Store
Google: All the apps which specifically require Google Play Store/services
Finance: Financial Apps
Work: Microsoft Teams

Is this a decent setup? If so, I'm a bit confused regarding how to actually install these apps. I can either install everything on my Admin profile and "push" to other profiles, or I can install on each of my profiles. I'm seeing people say that there are issues with F-Droid or whatever if I install some app store/apps on multiple profiles and the updating could get screwed up if the versions are out of date or whatnot.

I'm just trying to figure out: Do I install Obtanium, F-Droid client, Neo Store, Aurora Store, Google Play, etc. on Admin, install everything on the Admin profile and "push" to other profiles, or do I install each of these stores on each of the profiles and install the apps there individually? What if I want an app to be accessible in multiple profiles with the same data? Am I unable to share information across profiles like text messages, phone logs, etc.?

ryrona

qdf5bun0 Generally, if your threat model is solely to prevent Google from collecting data about you, there isn't really any need to split the other non-Google app stores into separate profiles. Just have one separate profile where you have Google Play, Google Play Services, and all apps that require those. And then another profile for all the rest. That other profile can be the owner profile, there is no real reason not to use the owner profile.

So, I suggest for you:

Owner profile: All FOSS apps and other apps without Google components in them. This includes Obtainium, F-Droid and similar app stores in here.

Google profile: Google Play, Google Play Services and all apps that require them. Don't use Aurora, just use Google Play instead. Aurora would still need to connect to your Google account, and Google Play is already very sandboxed. You can shut down this profile at any time to turn off everything Google related, preventing tracking.

You can of course have a separate work profile too if you want, separate from your Google profile, if you want to prevent your private activity from being linked to your work activity, in case both use Google components, or both use Microsoft components, or so on. Generally, if you would use different e-mail addresses for signup, put the apps in different user profiles. If you use the same e-mail address for signup, put them in the same profile, as those would be linked anyway.

gk7ncklxlts99w1

qdf5bun0 I might not be able to directly address your problems but I have some thoughts.

I don't see a reason why you can't use Aurora alongside Google Play. No need to keep them in separate profiles.

I think you will find after a while that managing half a dozen profiles will be extremely inconvenient. I'm having my own troubles managing 3. The number of PINs and passwords to remember would confuse you and you could get locked out, unless you write them all down somewhere, but then you would need a secure place to keep them, and you would still need to remember them if you want your phone to be accessible.

While the general advice seems to be to separate Google activity, I've simply found that to be infeasible. I separate by profiles in a different way. I don't use anything on Owner, but I do have Orbot running, so only phone updates are routed through Tor and nothing else. I have a secondary profile I use as my main - it has Google Play Services but I'm not logged in. I use it for almost everything, but I keep a separate profile for email clients and Bitwarden.

I tried separating profiles based on Google and FOSS but it was too much of a hassle. It would require switching profiles too often. What if I want to listen to music (Tidal or Spotify) while reading a book with Librera Reader (FOSS)? Also, Contacts don't cross over between profiles, so I wouldn't know who was ringing me unless I manually copied over my contacts for each profile and keep them updated. Too much work. I'm still open to feedback about my profile setup, but I design it around the situation where my phone is stolen or remotely compromised. Besides orbot running in Owner 24/7, it's a security focused design and gives little thought to privacy.

qdf5bun0

ryrona

Thanks for your very comprehensive reply, I appreciate it. I've got a setup right now of a owner profile with Obtanium, Accrescent, and Google Play where I download all my apps. I disable all the downloaded apps in my owner profile and push them out to either my "Primary profile" for all apps that don't require Google Play Services to run (FOSS and non-FOSS downloaded through Obtanium or Google Play) or a Google profile where I have apps that require Google Play Services to run (e.g. Uber).

If I were to install all the apps that I don't need Google Play Services to run in my owner profile, then wouldn't Google Play Services still be running in my owner profile in order to run Google Play and keep all my apps updated?

My main dilemma is that it's a little annoying to have my Primary profile not be the Owner profile and have to switch to Owner to do stuff like add blocked numbers and so on. I'd like to primarily use my Owner profile, but then that means that I'm primarily using a profile that has Google Play Services running on it just to maintain Google Play to keep my apps updated.

There are plenty of apps which I can only download through Google Play, but don't need Google Play to run and function. I'm trying to figure out how to deal with this problem. Most of the apps I use are in this category (Spotify, Snapchat, Pixel Camera, Discord, etc. all need to be downloaded and updated via the Play Store, but don't need to have Play Services actively running to function).

ryrona

qdf5bun0 If I were to install all the apps that I don't need Google Play Services to run in my owner profile, then wouldn't Google Play Services still be running in my owner profile in order to run Google Play and keep all my apps updated?

You can install Google Play Services only in your secondary user profile. You don't need to push apps to other profiles at all. Just open the built-in App Store in your secondary user profile, and install Google Play. Then it would not be installed in your owner profile at all.

qdf5bun0 There are plenty of apps which I can only download through Google Play, but don't need Google Play to run and function. I'm trying to figure out how to deal with this problem.

Ah, okay, in that case your current setup of pushing apps makes more sense.

HarryB

gk7ncklxlts99w1 Also, Contacts don't cross over between profiles, so I wouldn't know who was ringing me unless I manually copied over my contacts for each profile and keep them updated. Too much work.

Thank's for this important advice!

HarryB

gk7ncklxlts99w1 I don't use anything on Owner, but I do have Orbot running, so only phone updates are routed through Tor and nothing else.

I understand that your setup ist security focused. May I ask you what's the advantage of routing phone updates over TOR(Orbot)?

gk7ncklxlts99w1

HarryB

Good question, and I don't really have a good answer. I got this advice from Side of Burritos (youtube). I'm not 100% sure what the advantage is, except that it allows me to effectively achieve what a VPN would do but without having to use one. I can only use a limited number of devices with my VPN. So I can use Tor in as many profiles as I want.

I'm hoping that it means my ISP will not know I'm using GrapheneOS, and (and this is probably a stretch) I know my traffic is encrypted so MITM attacks that try to alter the update will be thwarted. Ultimately I don't really know how effective this is. The updates are probably encrypted already (TLS) so this might be pointless.

de0u

gk7ncklxlts99w1 I know my traffic is encrypted so MITM attacks that try to alter the update will be thwarted. Ultimately I don't really know how effective this is. The updates are probably encrypted already (TLS) so this might be pointless.

GrapheneOS updates are not encrypted (they contain nothing secret). They are signed, so tampering should not be possible. See: