I saw a few people prefer to use a secondary user profile as a main daily driver over the Owner's one.
It might increase security and/or privacy but could you please point out any advantages/disadvantages of this approach?
I know that not all controls/settings are available on user profiles and in order to use SMS you need to stick with the default app, for example.
Thanks.
Secondary user profile as a main one - advantages and disadvantages
Oggyo could you please point out any advantages/disadvantages of this approach
Advantages:
- Better privacy/security by compartmentalization and running in a less (from an already very low) privileged environment, possibility to contain exploits within the profile.
- You can limit installation of new apps, turn off phone features if your threat model requires it.
- Turning on the phone and unlocking won't immediately add risk to the user's files and apps if there is nothing in the Owner profile.
- Better protection against theft or the phone being grabbed away from your hands as the party would not be able to access any profile other than the one you were using.
- Greater anti-forensics, you can erase profiles with a touch of a button, which purges encryption keys and leaves minimal to no artefacts as all profiles are encrypted. To do similar on an Owner profile you must factory reset.
- The owner profile can be set up as a template for all other additional profiles, such as having only apps that will be installed universally between all user profiles which can be more efficient.
- A user profile can 'end session' from a touch of a button on the lock screen on GrapheneOS, and be put back into a quasi-BFU state without having to turn the phone off, which can make certain exploits more difficult; also an anti-forensic feature.
Disadvantages:
- Can be slow and annoying to constantly turn the phone on and off and switch profiles especially with auto-reboot or if you have a long password
- Having multiple profiles active can use more of your battery life, usually with a small amount you will be okay though
- SMS app lock (you mentioned already)
- Mobile network MUST be turned on and off on the owner profile, when I turn it off on the owner profile it won't reconnect even if on elsewhere
Let us know if you have any other questions.
final Mobile network MUST be turned on and off on the owner profile, when I turn it off on the owner profile it won't reconnect even if on elsewhere
Ohhh that's a big one. I was turning airplane mode on/off on secondary profiles, but that's clearly suboptimal. That's an upstream AOSP limitation, right?
There's no logic in allowing to turn airplane mode on/off but not allowing to turn mobile data on/off on profiles.
Termux won't work and the few owner connections that are global (check FAQ) need their own separate VPN connection in owner, as VPN is profile-specific.
Hb1hf Yeah, I am unsure of the limitation, when I want to turn Mobile Data on and off I just use the airplane mode toggle anyhow, as I only use the cellular network when I want to use data anyway, plus texts/calls get sent over Wi-Fi on my carrier. I don't think it is much of a problem if you use it this way.