User profiles and sanboxed Google Play

aurelian

Hi, new user here.
I have a few questions regarding User profiles, sandboxed Google Play.
Say I setup 2 additional profiles, so I'll have Owner, user1, user2.
1) If I have the owner profile unchanged and my real contact list in the user1 profile, but then switch to user2, would I be able to receive phone calls(in user2) with names from the contact list of user1? Can someone please explain how this should work and how should I setup this?
2) As far as I got it, when I'm using the user1 profile, I won't be able to get the notifications from the user2 because there is no intercommunication between profiles. However, as it states in here: https://grapheneos.org/features#notification-forwarding I actually should receive the notifications? Please explain how it should work(with sandboxed google play and without in user2 profile, if it makes any difference of course).
3) In here https://grapheneos.org/usage#sandboxed-google-play-installation it's not clear to me a bit:
why is it optional to sign in to Google account if without it I won't be able to install the apps?
It also says "This is still true even for an alternate frontend to the Play Store. Aurora Store still requires an account but fetches shared account credentials from Aurora Store's service by default."
And it makes some newbie as I am very confused. Does Aurora store use its own login instead of mine? If so, how is that any secure, in terms of data, privacy and actual right. Like they could claim it's their account, therefore everything is theirs, no?

Dumdum

aurelian would I be able to receive phone calls(in user2) with names from the contact list of user1?

No. Contact lists are separate.

2) As far as I got it, when I'm using the user1 profile, I won't be able to get the notifications from the user2 because there is no intercommunication between profiles. However, as it states in here: https://grapheneos.org/features#notification-forwarding I actually should receive the notifications? Please explain how it should work(with sandboxed google play and without in user2 profile, if it makes any difference of course).

User profiles have the setting "Send notification to current user" which can be enabled per-profile. If you want to have notifications from User1 while Owner or User2 is active, then you must turn this setting on for User1.

why is it optional to sign in to Google account if without it I won't be able to install the apps?

Because apps can still make use of the Google services even without an account, as long as GPlay/GMS are available and detected at the time that the app is installed. Account is only required for app installation from Google Play.

Does Aurora store use its own login instead of mine?

If you're using the "Anonymous login", yes. You can choose (for little to no real benefit) to use Aurora with your own account. As for the followup to this question, I wouldn't be able to tell you.

fid02

aurelian why is it optional to sign in to Google account if without it I won't be able to install the apps?

An account is always optional, even on Google's stock PixelOS. Why Google made it that way I don't know, but keep in mind that Android by design allows users to install apps either from other app stores or from APK files. Apps that do not come from the Play Store can still use Play services for notifications. Play services also has other features that don't require a Google account, such as support for security keys; some GrapheneOS users install Sandboxed Google Play just to be able to use security keys.

Of course, if you want to install apps from Play Store then you need a Google account.

aurelian Does Aurora store use its own login instead of mine?

Aurora Store's "anonymous" feature signs you in with one of Aurora Store's own Google accounts. That often causes sign-in issues probably because Google accounts are not supposed to (not allowed to?) be shared across hundreds of users.

aurelian If so, how is that any secure, in terms of data, privacy and actual right.

It doesn't make anything more secure. It just makes people feel better by thinking that they are minimizing the data that Google collects from their app usage. Lots of apps contain Google proprietary blobs so in practice there is still plenty of opportunity for app usage data collection, even if you downloaded the apps from an alternative app store.

I can't answer for the profile questions because I don't use secondary user profiles much.

aurelian

Dumdum No. Contact lists are separate.

Is there any secure/privacy way around it?
If for instance I have contact1 and contact2 under my user1 profile and I'll install WhatsApp under user2 and only contact3 and contact4 will be under user2 profile, it would mean I won't be able to conveniently get phone calls from the contact list of user1 while under user2 and vice versa.
There must be a way.

Dumdum User profiles have the setting "Send notification to current user" which can be enabled per-profile. If you want to have notifications from User1 while Owner or User2 is active, then you must turn this setting on for User1.

I knew I missed something like that, thanks!
Does it affect/reduce security in anyway please?

fid02 Play services also has other features that don't require a Google account, such as support for security keys

What does it mean please? Can you provide an example?

fid02 It doesn't make anything more secure. It just makes people feel better by thinking that they are minimizing the data that Google collects from their app usage. Lots of apps contain Google proprietary blobs so in practice there is still plenty of opportunity for app usage data collection, even if you downloaded the apps from an alternative app store.

Dumdum If you're using the "Anonymous login", yes. You can choose (for little to no real benefit) to use Aurora with your own account. As for the followup to this question, I wouldn't be able to tell you.

Okey, but what is the connection between the account(real or fake) and the app itself, is there any connection between them or perhaps it's not known yet?
Because if it's some application like Instagram, I would want to tie it to my real user account, because it's part of my real life and I don't want any fake Google accounts to interfere. Or am I getting this wrong?

fid02

aurelian What does it mean please? Can you provide an example?

Are you asking what I mean by security keys? This is one security key maker: https://www.yubico.com/products

They're basically used to offer a phishing-resistant alternative to signing in to accounts with passwords. GrapheneOS doesn't support them natively yet, but you can install sandboxed Google Play to get them mostly working.

aurelian Okey, but what is the connection between the account(real or fake) and the app itself, is there any connection between them or perhaps it's not known yet?
Because if it's some application like Instagram, I would want to tie it to my real user account, because it's part of my real life and I don't want any fake Google accounts to interfere. Or am I getting this wrong?

I'm not entirely sure I understand the question. Note that Aurora Store doesn't share account data with other apps. So if you're using Aurora Store it won't affect the behaviour of Instagram.

On that note, there are security reasons for why you should generally avoid using Aurora Store. I tried to write about that here: https://discuss.grapheneos.org/d/20760-im-confused-about-google-accounts/30

Dumdum

aurelian it would mean I won't be able to conveniently get phone calls from the contact list of user1 while under user2 and vice versa.

No. You can get phone calls, it just won't show their name/details since those are on the other profile. Phone calls are from the phone number and are independent of on-device contact info. As for "secure/private way around it", you can just use Contact Scopes and only allow apps access to the specific contacts you want them to use.

Does it affect/reduce security in anyway please?

Can't say anything from a technical perspective, but Graphene devs wouldn't implement features unless it can be done in a secure way (or has no effect on security), so its fine as far as I'm concerned.