I,
Im new to graphene Os and far from being an expert about all of it, literally just installed it.
I choose graphene to ensure google doesnt get any info from me and to do a digital detox.
Although i do need some apps and some i´d like to keep.

My question being, how do i keep my privacy if i need to log in to google play store to download the apps and how does it work with the separate profiles, do i need to log in and out of the phone to change profiles?

Im a bit confused on how does it all work tbh.

    (This is my opinion i am not a expert, this is what i figured out by reading stuff on the internet lol)

    this all depends a bit on what you do/ what apps you use.

    If you just use playstore for downloading apps, just make a google account not tied to your real identity.
    It doesnt really matter that they know which app this account downloaded.

    Its more important what apps you use. (since these are which will collect the data..)

    Profiles are new "identitys", which have each an own Vpn setup, only IPC inside each profiles (apps cant commincate between profiles) and are each encrypted seperately.

    But honestly they are not really that usefull for normal setups with not a lot of apps.
    They should be used for the different identity stuff (even tho this isnt imemented perfectly - see drm).
    Or like if you need some stuff which you want to have encrypted most of the time.

    R-rafael Hi en welcome to the GrapheneOS community! 'All' about user profiles is here: https://seprand.github.io/

    Personally I have no issues logging in for using the Play Store. I do use an account name that is not easily traceable to me, which I did not use before. With Aurora store you can use the store without logging in, but it is not as secure.

    Switching between profiles can be done with or without a password/code and/or fingerprint. It is quite easy.

        Michiel With Aurora store you can use the store without logging in, but it is not as secure.

        It has also no privacy benefit over sandboxed Play Services and doesn't avoid Google or Google's tracking, so there isn't a reason to have Aurora Store for normal usage in the first place.

        Creating an anonymous Google account is possible and shouldn't be too hard. You can skip the phone number requirement by creating the account from in-app over a non-suspicious IP. (no Tor, no VPN)
        Something like public library WiFi is a common recommendation.

            Michiel

            How exactly do you enable switching between profiles without a code or fingerprint? I haven't been able to find this setting.

                What are the privacy concerns with using an Aurora anonymous account? Everyone says don't do it for security concerns but never says what those are.

                Also, what do you mean by you aren't gaining any privacy by using aurora store? I'm just trying to understand..... Isn't the point of Aurora to download apps anonymously without having google play services installed?

                  greenwood

                  Security concerns:

                  The actual connection is improperly secured, aurora trusts every CA. Play store has a reduced CA set.

                  Metadata isn't properly verified.

                  Your google account could be terminated for using it on Aurora.

                  There's no privacy benefit compared to using an anonymous account.

                  Matchbox has given use cases for it however, such as apps that require stock OS for install but not usage, and "In a profile where you're not using sandboxed Google Play" (his words)

                  For disclosure: I personally use Aurora

                    blackcat8 Do not set a pincode for unlocking the device for a profile (not recommended except for profiles that do not include sensitive data).

                      Thank you all for your replies.

                      The apps i got so far that have any connection with my real goggle account are, Whasapp, Spotify, Wikiloc, Windy, Proton apps and now in the process of getting autozen to replace android auto but since i need to pay for it through my google acount, ive tried to not give any unecessary permission to any of them.
                      I bought a new pixel 8A specifically for this purpose and created a google account without any info for that purpose.

                      The concerning thing is, that i went to get zen auto now and the pixel 8A show on my devices on my normal google acount, hows it possible?

                      I've logged in to the sandbox google acount through that new acount so the pixel 8A should appear on my device list?

                      Have i done something wrong?

                      How can i solve this and make sure google doesnt know about the 8A and what effects it might have on my privacy now that they know about my new pixel 8A?

                      Thank you all

                        R-rafael How can i solve this and make sure google doesnt know about the 8A

                        Assuming you are on the same WLAN as other devices logged into your (old) Google account - by now Google definitely knows about your 8a.

                            n3t_admin even with a VPN on in everything?

                            I've just made a clean up on my goggle acount, have deleted all old devices and the 8A and reported it as unknown so google asked me to change password on my google acount hopefully that'll do the trick?

                            If it doesnt how compromissed would my new phone and graphene activity mooving on be?

                            In case i've actually done something wrong will I be able to solve this? Surely I dont have to buy a new phone to start again?

                            Thank you