Google Services in Private Space- Setup Review

Sabak

I just want to make sure that I understand Private Space correctly
It sounds like the private space is an easier to access profile within a profile that is sandboxed.
I want to download certain apps that require google Services and was planning on putting them in a separate profile but to prevent having to switch constantly it sounds like I can download Google Services in the private space and keep it unlocked. Sounds like that will have 0 impact on my actual owner profile?
My setup would be:
Owner- no google + private: whatsapp, games, banking
Anonymous- profile with apps that are all anonymous no logging in to anything (mostly crypto)

Seems better than having a third profile dedicated for google Services since I would want those apps actively and if it is a game or something I don't want to not receive Whatsapp messages when playing.

Does this make sense? Am I missing something here. Not super paranoid about tracking but trying to minimize as much as I can.

schweizer

Honestly I do not get the part about what goes where. Whatsapp and most banking apps do not need Play Services but do not stop working when the latter are installed.

pixelfairy

Yes, makes sense. Your enabling and disabling google services as needed. While enabled, google can log time and ip address so keep that in mind. Might want to enable fingerprint for the private profile. You should still need its pin to lock and unlock it, but it will time out, and thats what your fingerprint is for.

If the banks website works for your needs, you can just use that in a separate user profile. Whatsapp wants to look at payment info and purchase history so thats even more reason to keep your banking separate from it. Vanadium blocks 3rd party cookies, so in theory it might be ok to use it in the main profile. But the web is big and complex with lots of moving parts to break.

If you must use a banking app, make a burner google account, or risk the Aurora store in the main profile. Then push it to a different user account if any of your main account apps want to see payment or financial info. Make sure that account does not have permission to install apps.

Norman

pixelfairy
Please do tell me how WhatsApp is going to get payment info and purchase history of a banking app on GOS.

pixelfairy

Norman Whatsapp listed those as data collected. Maybe they meant from the app itself? Either way, still good to keep a banking app as isolated as possible.

Norman

pixelfairy In GOS a banking app is isolated even when installed alongside another application. That's the entire point of sandboxed apps.
WhatsApp can only collect data of what you do inside of the app. The most it could do is collect clipboard info (only while in-focus), see what other apps are installed alongside it (but not their activity), browse whatever files you've given it access to (just use storage scopes) and see your contacts (use contact scopes).
I don't see any way WhatsApp is able to obtain any more info from a banking app than it just being installed in the same profile as itself. This would be a massive security and privacy incident if it were possible, and to claim otherwise without evidence is giving people the wrong idea.

If you must use a banking app, make a burner google account, or risk the Aurora store in the main profile.

I would never give the advice to use Aurora store to install a banking app. The Play Store is much more secure for this purpose.

Your enabling and disabling google services as needed. While enabled, google can log time and ip address so keep that in mind.

Use a VPN.

Might want to enable fingerprint for the private profile. You should still need its pin to lock and unlock it, but it will time out, and thats what your fingerprint is for.

You can set a custom time-out for the private profile, including setting it to stay unlocked until device reboot, and put it to rest at any time by tapping the lock icon.