• General
  • How much are profiles separated?

If I was demanded by customs to unlock my phone, and I unlock a decoy profile..

  • what data can they access from that secondary profile?
  • are the two profiles data encrypted separately?
  • would it be more "safe" to log out of my main profile? (to mitigate against RAM dumps)
    • [deleted]

    avidgrapher presuming the customs can force you to unlock your phone, are they entitled to demand to get access ("unlock") to additional profiles? They are part of the same device and they can assume you are trying to show them a "phoney" profile.

    avidgrapher If I was demanded by customs to unlock my phone, and I unlock a decoy profile..
    what data can they access from that secondary profile?

    They would only be able to access the data from the profile you provide them. Since you mentioned a secondary profile, they could log out and go back to the Owner profile - which is best practice to leave completely blank or as a template for all other profiles.

    Like what OldSurehand said, if they know the existence of other user profiles, they could ask to see the other profiles as well. Deleting the profiles before they can check them would fix this, but of course, there would be data loss.

    avidgrapher are the two profiles data encrypted separately?

    Profiles are stored with different encryption keys as the source treequell provided says. Deleting the profile purges all secrets of the profile from the secure element, meaning there would be no artefacts to examine - only unreadable, encrypted data.

    avidgrapher would it be more "safe" to log out of my main profile? (to mitigate against RAM dumps)

    If the "main" means the profile you use at boot, the owner profile cannot be logged out. Once you unlock it, it remains in the after first-unlock state until the device is turned off. Regardless of this, the owner profile cannot access the data of other profiles.

    If you mean a secondary profile, signing out of the profile from the button at the bottom of the unlock screen will turn the profile off and purge keys until the user signs in with that profile's authentication method once.

    You should not worry about memory dumps or high level extractions - these are only possible with much older and less secure devices or if your Pixel was a rooted device, which GrapheneOS doesn't allow you to.

    • [deleted]

    they could log out and go back to the Owner profile - which is best practice to leave completely blank or as a template for all other profiles.

    Interesting - is there a place where I can read more about various (grapheneos) best practises?

      [deleted] Interesting - is there a place where I can read more about various (grapheneos) best practises?

      It isn't much a best practice in general for all users, as some people will choose only the Owner profile to use. But for certain users like the OP who are using multiple profiles, then using the Owner profile as a template or blank is a better bet, since the Owner profile creates new ones, and can install the apps from the Owner profile to the New profile in the same menu.

      The GrapheneOS usage guide and FAQ on the website has a list of things you can do.