User profile VS private space

Joe-FastFeet

I ask for advice from competent GapheneOS specialists. Do I understand correctly that private space is more secure and secure than secondary user profiles, which still have no way to keep background application traffic blocked, even if the user needs to. After rebooting the device, all background traffic blocks set by the user are automatically canceled by the system for unknown reasons. Please clarify these points for me. As far as I can tell, the only guaranteed solution in this case is to host the applications in the private space of the owner profile. Thank you all in advance for your answers on such an important issue.

Xtreix

Joe-FastFeet The private space is no more secure than the secondary profile at the system level; in fact, isolation is slightly less strict since the secondary profile has its own user interface, while the private space shares the owner profile's user interface.

The advantage of the private space is that it is easier to use than the secondary profile, while offering sufficient isolation for most users, with the ability to lock data at rest. Note that all applications are strictly sandboxed, even on the owner profile; you do not need a private space or secondary profile for this, it is automatic and by default. Isolating applications in a private space is useful if you want to compartmentalize two personas, for example, personal and work, otherwise there is little benefit.

It is planned to be able to configure multiple private spaces within the same owner profile.

GrouchyGrape

Joe-FastFeet which still have no way to keep background application traffic blocked

After creating a another user, you're given the option to allow or disallow that profile running in the background.

Furthermore, if you "End session" on a secondary user, it's effectively "shut down" and none of the apps in that profile run.

Carlos-Anso

Xtreix otherwise there is little benefit.

It is useful if you want to easily completely shut down all the apps in the profile. Then all the data of apps in that profile can be encrypted while still using other profiles on the device. Finally as a place to put apps that you do not want to be able to see, or if both apps agree, communicate with, all your other apps.

Joe-FastFeet

OK. I will clarify the question. In the settings of secondary profiles, there are system settings that supposedly allow the user to block the background traffic of each application separately. OK. The idea is excellent, and in fact gives the user the right to decide which application to allow background traffic and which to block. But in reality, it just doesn't work. Yes, such a function is declared in the system. Adjustments are available to the user. But in fact, all this does not work. And the user is forced to either end the entire profile session, and then all apps will be disabled, or leave the profile active, and then ALL apps will willfully send data in background traffic. But what should a user do when he wants to block background traffic not to all applications of the profile, but only selectively, to several applications?

mmobder

Joe-FastFeet But what should a user do when he wants to block background traffic not to all applications of the profile, but only selectively, to several applications?

Until the upstream bug is resolved, one indeed doesn't have anything besides workarounds, be it rethinkdns app (praise @ignoramous ) that allows all apps to be blocked if user is locked, or, for example, do smth via Tasker, or alike

Xtreix

Carlos-Anso It's true, I hadn't thought about it anymore, thanks for mentioning it, probably because I've been using uLauncher on Accrescent for some time now, which allows you to hide applications, but yes actually the private space or secondary profile is also very useful to avoid seeing certain apps that you sometimes need to use for certain things but don't want to see on a daily basis, or you don't want the apps to be able to communicate via IPC with other apps, this is something that PewDiePie liked when he made his video presenting his use of GrapheneOS.

Joe-FastFeet

My question wasn't about how profiles can be used. I know what they are for and how to use the profile. My question was specifically about the function of blocking background traffic to any selected application, which is described in the capabilities of GrapheneOS, and implemented in the system itself. But why is it needed in the system, if it is initially known that it cannot work in principle, and for reasons beyond the control of the developers? After all, the user is not warned anywhere that the setting implemented in the system, which allows blocking background traffic to applications in the secondary profile, will not work in reality.

The user sees this feature in the description, sees the setting in the system itself, and applies it without even knowing that it doesn't actually work, and that the lock will be reset by the system after the first reboot, and the system doesn't even inform the user about it. So maybe it makes sense to either warn the user right away so as not to mislead them, or just remove this setting?

Carlos-Anso

Joe-FastFeet
Yeah, apologies, I jumped by your question and responded to something else.

The cellular background data toggle is an AOSP data saving feature not a privacy or security feature. GrapheneOS makes no changes to this feature. If the toggles are resetting I would consider that a bug. Its likely to be a bug in AOSP and present in stock PixelOS, and other Android 16 operating systems not just GrapheneOS. This could be checked. As its not a security or privacy feature fixing it would have a lower priority for GrapheneOS. If it is a bug in AOSP it is likely we would wait for Google to resolve it.

You may have an inaccurate mental model of the concept of 'background' as it exists in AOSP based operating systems. The term for the app that you are looking at is the app in 'focus'. For an apps to be in 'foreground' must display a notification if they are not in 'focus'. The user can disable such a notification from showing again. If an app is in a different user profile to the one you are using you will not necessarily see it posting a notification.

There are various ways apps can bring themselves out of background. Also other apps can bring an app out of background. That is how Googles push notification service works.

The network permission is the way to block an app from making a network connection.