Question about profile setup

fifty8659

I'm currently trying to decide on what specific profile setup is the best for my use case, but so far there doesn't seem to be a very clear de-facto choice.

Currently, I have the owner, my daily driver (that has open source apps) and my "goolag" (for everything requiring Google Play Services).

Problem is that things like contactless pay, student ID, public transport etc that I use daily would then require that I constantly switch profiles.

The privacy gains in this setup also don't seem as worth it since play services is effectively an app in GOS anyway, and each app has sandboxing.

This leads me to conclude that profiles don't have much security benefit outside of sharing the phone with other people or concealing certain activity from someone with physical access.

c86

fifty8659

Link for a low-level explanation on how user profiles add privacy & security. You can search the website for high-level explanations on overall improvements applied to each isolated profile.
https://grapheneos.org/features#improved-user-profiles

The GOS recommendation for device setup has always been a single profile with sandboxed Google play unless a user had a specific threat model - of which obviously device configuration / use will add friction in terms of; sourcing apps, notifications, active profiles / switching profiles.

If you've followed some YouTube or other random guide on setting up your device and it doesn't work for you, then revert to the straight forward configuration. GOS still provides many improvements for privacy and security with a single profile. As you use your device, you can decide if any more app isolation is needed while you establish your own threat model rather than following what talking-heads promote to broadly look cool.

My first GOS pixel was a single profile, my next GOS pixel implemented multiple user profiles because I wanted specific uses isolated. I accepted the added friction and swapping profiles is simple when I intentionally need to engage isolated apps / services. One user will see my setup and say it's ideal, yet another will say it's not needed for whatever reason.

inffy

I went just with Owner profile and its Private Space for my usage.