Do apps know they are on the same phone when installed on different profiles?

pixelcasualuser

I've always had the same question, I tried to read the official feature website but it was a bit complex for me. Of course apps will see they are being used on the same model of phone, and let's ignore things like the IP address. Focusing on device identifiable factors, do they change across profiles or they're always the same?

de0u

pixelcasualuser If an app really works hard, it can be done. Various device statistics will be the same for two profiles on the same device at the same time: time zone, amount of free storage, battery percentage, time since boot... Also, I think at present the Media DRM i.d. is the same for the same app in two different profiles. Two profiles on one device isn't the same situation as two devices.

pixelcasualuser

de0u Thanks, very helpful. Do you have any idea of the main device identifiers that are indeed changed between profiles? I don't really know what numbers are the main ones and if GOS changes them. Also, any idea if apps can see my eSIM information? Again, thank you.

traveller

de0u Also, I think at present the Media DRM i.d. is the same for the same app in two different profiles

If that's an option, I think that would be the main way of apps tying to the device identifier?

DeletedUser313

de0u Is there a limit on how many profiles can be run at the same time?

de0u

pixelcasualuser There is a lot of information about hardware and non-hardware identifiers in the FAQ, starting here: https://grapheneos.org/faq#hardware-identifiers

kjerehea

Trustdevice is an open source app that shows you what an app can see on your phone even before you give it any device permissions. Having said that, Google Play Store limits what requests each app is allowed to make. For example they need a valid reason if they want to see which other apps are installed on the profile, and DRM ID too.

It's still pretty much open season for device profiling, even on GrapheneOS. The only real defence at present is to limit your app installs and use Vanadium PWAs instead of apps where possible. But even with PWAs two websites could in theory figure out that you are the same visitor by correlating your time zone, browser version numbers, device type, fonts installed, internet speed etc etc etc etc.

Dumdum

kjerehea But even with PWAs two websites could in theory figure out that you are the same visitor by correlating your time zone, browser version numbers, device type, fonts installed, internet speed etc etc etc etc.

Gotta love being told:

Your IP does not appear to be protected. If you do not have a VPN, you need one! Someone is recording this IP and tracking all your Internet activities.

while using Mullvad VPN with Lockdown mode on. I'm sure its totally not a purposeful attempt to encourage people to use any conveniently advertised VPN services on the same page. Remember folks: there are charlatans and scammers in the privacy space.

Dumdum

Dumdum
Is this comment being thrown into the approval queue because the link included the name of a certain individual? Because, yeah, that's interesting.

GrapheneOS

Dumdum Yes, it doesn't know the difference between links and non-links and it goes into the approval queue if it contains that word.

Dumdum

GrapheneOS
And out of curiosity, links to the individual's website are acceptable?

other8026

Dumdum maybe other moderators would disagree with me, but I'd say I think it's best not to. Not because our community can't talk about such things, but because links can improve search rankings for their site or content, which is obviously bad for almost everyone who might be duped into believing them. This is especially bad for people who are just starting to do their own research and don't know better and may click on the wrong link in search results. Maybe a broken link with a disclaimer would be okay though.

de0u

DeletedUser313 Is there a limit on how many profiles can be run at the same time?

There is a limit on how many can exist at the same time (source) and a limit on how many can be non-suspended at the same time (I think it's around 3 depending on RAM size but I couldn't find the change in the release notes).