PopM25
Profiles are recommended to be used based on personas, not app or usage categories. They don't aid the app sandbox and do not add any security to it. They block IPC and package discovery across profiles, but otherwise the app sandbox is the same everywhere.
It is not more secure or inherently more private to install apps in a secondary user than it is to install them in Owner.
Your described setup is very complex and too over-engineered in my opinion.
This will likely only heavily increase friction and decrease user experience, while having no tangible benefit on privacy and none at all on security.
My strong recommendation for most people is to use Owner as the main profile. Install all your apps including sandboxed Play Services there. Don't disable any Play Services components, there is no reason to do so and this will likely break it.
You can then expand on this setup with profiles if you need additional personas (for example, for work) or want to specifically make use of their features (individually putting at rest, different unlock method, VPN slot, etc.).
Don't use Aurora Store. It is not recommended, has security issues and no privacy benefit over sandboxed Play Services. It does not avoid Google nor its tracking.
You should use the official Google Play Store with sandboxed Play Services, which is the most secure and private way to go about getting apps that come from the Play Store. Apps from the Play Store often bundle Google libraries, which can run on their own without Play Services, but can facilitate the same data collection as it. It gives Google the same access as Play Services would have and the mere presence of Play Services is not what makes a difference on privacy or data collection.
If you want to "avoid Google" you cannot use any apps that come from the Play Store at all, full stop. Even if you get them from third party apk sites (which is strongly discouraged and very dangerous), as long as they contain Google libraries you basically have Play Services installed anyways.
Play Services is confined to the regular app sandbox on GrapheneOS. It doesn't have any elevated privileges or system integration and can only access a very minimal set of data (just like any other app).
You can read more here:
https://grapheneos.org/features#sandboxed-google-play
Going into some details:
PopM25 varying opinions such as on Aurora Store yes/no, F-Droid yes/no etc
The official recommendation is to avoid those two. They have considerable security issues and Aurora Store has no privacy benefit.
The two officially recommended 3rd party app sources are Accrescent and the official Google Play Store, both available on the first party GOS App Store.
You should be getting all your apps from those.
If an app isn't available in those two stores, fall back to sideloading via Obtainium+AppVerifier as a last resort, but otherwise avoid it, as sideloading is inherently dangerous and less secure than the two previously mentioned secure stores.
PopM25 This way I can push those apps into other profiles
I see no need for that.
PopM25 Or will simply disabling GP sufficient for basic security I DO NOT want GP or Google fishing for info.
This has nothing to do with security. Play Services is always confined to the regular app sandbox, but it is not a security risk. Google is not a threat actor and very good about security.
Play Services cannot "fish for data" any more than other regular apps.
Apps cannot access private data of other apps and can only communicate with other apps based on mutual consent. If they talk, all information must be voluntarily shared. It doesn't just allow an app to freely peek into the private data of the other app.
PopM25 OK is that overkill
Yes
PopM25 leaning to the IronFox
Firefox based browsers are not recommended and considerably less secure than Chromium based browsers, especially on mobile.
It is recommended that you only use Vanadium if possible on GrapheneOS.
PopM25 3rd profile banking, finance stuff to protect allll the $ I don't have haha
Again, a profile does not increase security. You don't need a profile for this and a profile will not protect your data more than the regular app sandbox does anyways, everywhere. The basic app sandbox already protects and confines apps.
Why should this only be done by profiles, and not always?
PopM25 Then, simply disable NOT delete GPlay
Don't do this, just keep it enabled. The amount of time it runs does not equate to the amount of data it can collect.
Also, you critically need unattended automatic updates from Play Store on your apps for baseline security, so that's another reason why it needs to stay enabled.
So to summarise:
You likely don't need such a complex profile setup. Profiles do not aid the app sandbox and are not a necessity for a secure or private setup. Their importance and necessity tends to be vastly overstated by online guides, videos and tutorials.
Complex setups will end up increasing friction, decreasing user experience (constant profile switching, less performance, etc) while not even having the expected, or any tangible, benefits.
Hence, the recommendation for most people is to daily-drive Owner as their main profile and put all their apps (including Play Services if needed) there.
Try to get all your apps from Accrescent and the official Google Play Store exclusively.
Don't use Firefox based browsers and stick to Vanadium.
If you prefer, you can create an anonymous Google account with no PII or phone number attached for usage with sandboxed Play Services.
To do this, create it from in-app on a non-suspicious IP, meaning no VPN or Tor. Otherwise you'll get flagged and be prompted for a phone number.
The usual recommendation is to create it from a public place that has free WiFi, like a library or cafe.
I recommend adding 2FA afterwards. Not only is it a good default security measure either way, but it may also decrease the potential of your account getting flagged afterwards.