Hello everyone, I was wondering what the most secure way to use the Tor Browser on Graphene OS would be. I've read the usage guide and the FAQs, and know a fair bit regarding how AOSP and the Linux kernel work. By default on Android, the Tor Browser should run under a different user/UID than other apps and be confined via MAC. That sounds secure enough, but I also know Firefox is the least secure browser engine on Android, and doesn't benefit from some of the Graphene OS hardening. Fission is also a ways off, so we're solely relying on the app sandbox and whatever hardening can carry over from the OS. I'm wondering, does anyone know if there is a way to run the Tor Browser more securely? My ideas to make this scheme better are:
Private Space - this isn't my favorite, as it is a new feature and there isn't as much literature that describes how it functions (that I could find). However, at a minimum, Private Space has different encryption keys, and I believe it is sandboxed from the main profile.
User Profiles - I like this solution because, from what I can tell, User Profiles are completely isolated. They should have their own encryption keys, and should be isolated on a kernel level. We also have more control over the profile from the Owner profile, like restricting SMS access and removing the ability for the profile to run in the background. I assume this would be secure unless there is a kernel exploit, right?
If someone more knowledgeable could help me, I'd greatly appreciate it. I don't have a high threat model, but I would appreciate more security running Tor Browser because I like the privacy features of Tor.
I also wouldn't mind it if someone has some reading material regarding how Private Space works; I like learning about these things.
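Added example (not part of the original post or of any GrapheneOS/Tor Project material): a small POSIX shell script that shows how to confirm, on a device, the two isolation properties the post relies on. Android derives an app's UID as `userId * 100000 + appId`, so a process in a secondary user (user 10) shows up as `u10_a<n>` with a seven-digit UID, and for untrusted apps the SELinux label's MLS category set (`c<low>,c<256+high>,c<512+userLow>,c<768+userHigh>`) is derived from both the appId and the userId, which is what keeps one user's copy of an app from touching another's. The script parses the output you would get from `adb shell ps -A -Z -o LABEL,USER,UID,NAME` (field names assumed for toybox `ps`); the `ps` lines below are constructed, not captured, and the package name `org.torproject.torbrowser` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Parses `ps` output of the form
#   adb shell ps -A -Z -o LABEL,USER,UID,NAME   (toybox field names assumed)
# to report which Android user each process of a package runs under and
# which SELinux label confines it.
# Android app UIDs are userId * 100000 + appId; untrusted_app labels carry
# MLS categories derived from appId and userId.

PKG="org.torproject.torbrowser"   # assumed package name

# Constructed sample (not captured from a device): the same package in the
# Owner profile (user 0, UID 10123) and in a secondary user (user 10,
# UID 1010145). Categories follow the appId/userId derivation above.
SAMPLE_PS='LABEL USER UID NAME
u:r:init:s0 root 0 init
u:r:untrusted_app:s0:c123,c256,c512,c768 u0_a123 10123 org.torproject.torbrowser
u:r:untrusted_app:s0:c145,c256,c522,c768 u10_a145 1010145 org.torproject.torbrowser'

# Split a numeric UID into the Android user id and the app id.
uid_user_id() { echo $(( $1 / 100000 )); }
uid_app_id()  { echo $(( $1 % 100000 )); }

# Print one line per process of package $2 found in ps output $1:
#   user=<id> appid=<id> domain=<selinux type> mls=<categories|none>
describe_processes() {
    printf '%s\n' "$1" | awk -v pkg="$2" '
        NR > 1 && $4 == pkg {
            n = split($1, ctx, ":")              # u:r:<type>:s0[:<cats>]
            mls = (n >= 5) ? ctx[5] : "none"
            printf "user=%d appid=%d domain=%s mls=%s\n",
                   int($3 / 100000), $3 % 100000, ctx[3], mls
        }'
}

# Succeed only if the package has at least one process and every one of
# them runs outside the Owner profile (user 0) with an MLS category set.
runs_isolated() {
    describe_processes "$1" "$2" | awk '
        BEGIN { seen = 0; bad = 0 }
        { seen = 1
          if ($1 == "user=0" || $4 == "mls=none") bad = 1 }
        END { exit (seen && !bad) ? 0 : 1 }'
}

describe_processes "$SAMPLE_PS" "$PKG"
if runs_isolated "$SAMPLE_PS" "$PKG"; then
    echo "$PKG: every instance runs in a non-owner user with MLS categories"
else
    echo "$PKG: an instance runs in the Owner profile or lacks MLS categories"
fi
```

On a real device, replace `SAMPLE_PS` with `"$(adb shell ps -A -Z -o LABEL,USER,UID,NAME)"`; a Private Space or secondary-user instance should appear with a `u<N>_a…` user, a UID above 100000 and a category set whose `c512+` and `c768+` entries differ from the Owner profile's.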