Security and privacy enhancement advice needed

mythodical

DeletedUser313 I've never had any need for work profiles, so I can't really say unfortunately. Maybe someone with more knowledge of them will chime in.

Zormedin

DeletedUser313 You need shelter or any equivalent app to set it up.

DeletedUser313

Zormedin

Are you allowed to transfer files from the Work Profile to the User Profile and vice versa? I was unable to do so on a non-Pixel (still waiting to get it) phone which also used Shelter

Zormedin

DeletedUser343 You could use the following combination to separate things:

Private space
Work profile

You can stop private space and every app inside it and/or you can stop every app inside the work profile.

Like I said: If you are fine mixing private and work, put everything inside Private space. If you want to seperate things, use both.

Elgoog

Zormedin And a second follow-up question, if I may.... To my surprise, Google Earth runs just fine in my non-Google secondary profile (the profile I usually use). Am I compromising my privacy by having Google Earth here?

The app retrieves its data from Google servers and may also send telemetry information. Could you clarify what you're asking about?

At present, Google Earth resides in the non-owner profile that I use most if the time. Might Google Earth be telemetering even when it's not open? Perhaps another way of putting the question would be, should I disable Google Earth when I'm not using it?

Elgoog

Elgoog Might Google Earth be telemetering even when it's not open? Perhaps another way of putting the question would be, should I disable Google Earth when I'm not using it?

Actually, now that I think about it, that's a stupid question, isn't it. Every app potentially leaks data. That's why GOS tends to automatically disable apps that haven't been used for a while.

Zormedin

DeletedUser313 Are you allowed to transfer files from the Work Profile to the User Profile and vice versa? I was unable to do so on a non-Pixel (still waiting to get it) phone which also used Shelter

You can "share"/send data between them, or what is the exact question?

Zormedin

Elgoog While I can't specify the exact data transmitted by Google Earth, if the app is disabled, there shouldn't be any data transmission, including telemetry.

However, isn't using Google Earth within a browser—either as a Progressive Web App (PWA) or the standard website, potentially with Native Alpha—a better approach regarding data collection?
In these cases, significantly less data can be collected. Although this method might be slower and some features might be absent, it's certainly worth trying.

DeletedUser313

Zormedin

Just sharing files that's all

embeathome

Guys...I am also following the setup of Side of Burritos (https://www.youtube.com/watch?v=IAoCfrqxIEg), because I like it and I think it is the best method, although in the comments there is an alternative method mentioned.

I still didn't fully adapted GOS phone, I use stock Android still and I move step by step. Since December 24 :) I was busy and had no time, but I also don't want to rush things. However, lately speeding up. And here comes the question/situation:

I have approx 145 apps in my current stock Android phone, many of them paid, many very needed for my daily life and hobby + work. I don't use Aurora store but rather Google Play store with fake account, but I use Aurora to check each app I need, on what it is dependent. Either it is Google Play Store or Google Play Services, or both. I have so far checked approximately 10-15 apps and each is dependent on at least Google Play Store and some on both. For example Bolt is dependent on both, same as Brave browser, while for example Bluesky, Microsoft Authenticator, ABRP, Netlix are only dependent on Google Play Store.

My question is - if apps are only dependent only on Google Play Store, is it safe/OK to install them to "daily" profile (the profile used most during the day, or do these also need to be installed with apps, which need Google play services (those pesky apps which gather data)?
My idea, for those, which only require Google Play Store, to provide them with no or minimum permissions, for example Ampere (https://play.google.com/store/apps/details?id=com.gombosdev.ampere&hl=en_US), 1st app I installed, no permission at all and it works fine. If there is no permission, how could an app harm security, especially when sandobexed on top of all?

Btw, issue I have is Orbot, it works fine, but as soon I turn on "Always on VPN" and "Block connections without VPN", I loose internet connection, so no apps update, Aurora doesn't connect, Accrescent too....Am I missing something, or is it OK and safe to turn off "Always on VPN" and "Block connections without VPN"

Thanks,
Martin

Zormedin

embeathome My question is - if apps are only dependent only on Google Play Store, is it safe/OK to install them to "daily" profile (the profile used most during the day, or do these also need to be installed with apps, which need Google play services (those pesky apps which gather data)?

I'm not quite sure what you mean by "safe." From a security perspective, the presence of Google Play Services doesn't inherently imply that more data is being shared. Conversely, the absence of Play Services doesn't guarantee that data isn't being shared. The rationale for avoiding certain Google apps is primarily due to Google's direct data collection practices. However, it's important to recognize that apps, in general, can still share significant amounts of data with third parties. Many apps are bundled with frameworks to gather telemetry data etc.

My idea, for those, which only require Google Play Store, to provide them with no or minimum permissions, for example Ampere (https://play.google.com/store/apps/details?id=com.gombosdev.ampere&hl=en_US), 1st app I installed, no permission at all and it works fine. If there is no permission, how could an app harm security, especially when sandobexed on top of all?

There shouldn't be an security issue but the "problem" is the following: IPC - Inter process communication

E.g. you restrict every permission from one app, but the app can communicate with other apps running in the same profile and theoretically those can then transmit the data if they have network permissions. For enhanced privacy, it’s crucial to manage app permissions carefully and be selective about which apps you install. GOS alone is no free ride on the privacy side.

Btw, issue I have is Orbot, it works fine, but as soon I turn on "Always on VPN" and "Block connections without VPN", I loose internet connection, so no apps update, Aurora doesn't connect, Accrescent too....Am I missing something, or is it OK and safe to turn off "Always on VPN" and "Block connections without VPN"

Sorry, can't help you with that one. But did you check github if there are any issues related to that?

Zormedin

DeletedUser313 You can archive this with different apps and Inter Profile Sharing is one of them which is available on Accresscent.

embeathome

Thank you Zormedin, I got your point. What I want is to isolate apps, like Facebook, Twitter, Bluesky - I need them, but at the same time I need to be as anonymous as possible.

« Previous Page