Bypassing the 'Block app installations' feature using Private Space

Este250

Hello,
I was running some tests with the feature that allows blocking a secondary user from installing apps, and I realized that you can easily bypass this intended restriction by simply creating a private space. I've searched thoroughly through the GrapheneOS documentation, but I can't find anywhere that addresses this mechanism or whether it's really intentional.
Have a great day!

userofgos

Este250 and I realized that you can easily bypass this intended restriction by simply creating a private space.

Interesting. I don't believe that is a feature that applies to Private Space in Owner either. Private Space in User Profiles was recently introduced to GrapheneOS as of build 2025051900. I would assume it behaves the same way in both Owner and User Profiles

pxlkng

Este250

You should check if this was reported on the os-issue-tracker already and report it there otherwise, it might not be intended. I would have expected the installation restriction to also apply to the users private space as it is kind of a "nested" profile.