• General
  • Are there benefits to separate user profiles?

Good morning,

Are there tangible benefits in installing Google Play on a separate user?

I'm having to switch profiles when I need to use apps that need GSF.

I was wondering what would happen to my privacy/security level if I installed Google Play Store on the owner profile

All the best

Thank you GOS !

Apps are able to enumerate other installed apps on the same profile. This is by design. Apps are able to communicate with other within the same profile, provided they have mutual consent to do so.

Any apps that are not installed on the same profile as GSF will not be able to communicate with it. Some apps opportunistically use GSF to provide certain functionality (such as notifications, etc.) One example is Signal, which uses GSF to provide on-time notifications, but will fall back to a websocket implementation provided that GSF doesn't exist in the same profile. To force apps to work without it, install them on a seperate profile without GSF.

There is nothing inherently wrong with installing Google Play Services on the owner profile if that's your use-case. Any app within the same profile as it is able to communicate with it, provided it has the functionality to do so but if you don't mind that and want to install everything in one profile and have everything that can work with GSF do so, then that's fine. It all comes down to your own use-case. If there are some apps that you'd prefer not to use or interact with GSF, install them in a separate profile or install GSF in a separate profile.

In GrapheneOS, Google Play Services are sandboxed just as any other user-installed app is: It doesn't have the special privileged access it usually has in other OEM Android installations and thus won't have access to any permissions you don't explicitly grant it, just like other apps.

    Further to what @cyberparty said, I just wanted to point out that in my experience, Google Services Framework (GSF) has not needed network permissions, which may ease some of your privacy concerns. GSF does seem to be required by many apps in order to even start properly, but many apps will work fine or mostly fine without the other Play components.

    As far as I know, it is the Play Services and Store apps (not GSF) that apps typically use for notification delivery and those two do typically require network permission to function properly.

    4 months later

    cyberparty
    I'm new to GOS an was looking for similar information.
    IT seems like there are a lot of threads about GSF.

    What is the actual privacy consideration with GSF?
    If I understand correctly what I've read, GSF on its own (without the Play Service and Play Store) doesn't communicate back to Google.
    When you say that depending on the use-case it is ok to just put GSF in the owner profile, what is the downside of putting it in the owner profile? What is the benefit of putting it in a different profile?
    Which use-case would be an example of not installing GSF in the main profile?

    Thanks!