At the moment I'm using separate Android User Profiles not just for different identities (personal/work), but also for better app isolation.

  • It's really nice to be able to shut down a profile and know that apps from that profile are not running in the background.
  • "apps within the same profile can communicate with each other with mutual consent": in some cases I don't want apps to be able to communicate with each other even with mutual consent (which I assume is through Intents).
  • If I don't start the profile then 'Run at startup' permission does nothing - great.

Having a lot of User Profiles can be a bit of a pain though, and so I looked into using web versions of applications/sites to replace the installed applications (using PWAs where possible). The problem I saw with this is that the state of the PWA and of Vanadium is shared. For example, I have a LinkedIn PWA on my home screen which is logged in, and if I go to the Vanadium app and navigate to LinkedIn I am still logged in. I was hoping for a way to disconnect these two.

I've been doing some searching and first came across Browser Profiles, which don't appear to be supported on Mobile. That then led me to Firefox Multi-Account Containers, which according to this page are now dead and replaced with Total Cookie Protection, also not supported on Mobile.

I think my ideal would be for Vanadium to default everything to a private tab, but then I could save a tab/session into a container of some kind and have these containers completely isolated from one another.

So now to my actual question. Does Vanadium have anything similar to this, or is there a better way on GrapheneOS for me to achieve some of these things? Can I further isolate some apps, such as blocking additional permissions (e.g. Run at startup and others), preventing background services for an application when the foreground app is not running, and blocking 'communicate with mutual consent'?
Additional context is appreciated and feel free to correct anything I have here that is incorrect.

    When you sign into a PWA, the site data is stored within the app data of Vanadium. Vanadium has strict per-site process isolation, so the data saved is only accessible by that site. This additional sandboxing provided by Vanadium complements the app sandboxing of the OS.

      Thanks. treequell is there anywhere I can read more details about this state isolation?

      I have seen this https://grapheneos.org/usage#web-browsing but it only mentions it at a high level.

      The Firefox link talks about appending embedded cookie hosts to the root host and unpartitioning via a user prompt, etc., etc. Hoping for something around this amount of detail.

      a month later
      • [deleted]

      jroddev If I don't start the profile then 'Run at startup' permission does nothing - great.

      Hi,
      'Run at startup' is actually not a permission to auto start your app, but rather to receive a system broadcast telling your app that the system has started (You can't auto-start your app without knowing if the system has even started lol), and users can prohibit apps from running in the background, which will prohibit your app from running in the background on startup even with the android.permission.RECEIVE_BOOT_COMPLETED (run at startup) permission.

      • de0u replied to this.

        [deleted] 'Run at startup' is actually not a permission to auto start your app, but rather to receive a system broadcast telling your app that the system has started (You can't auto-start your app without knowing if the system has even started lol) [...]

        But you also can't receive a broadcast if you're not already running.

        Does Android at boot automatically launch every app that has permission to run in the background?

          • [deleted]

          de0u But you also can't receive a broadcast if you're not already running.

          Source: https://developer.android.com/reference/android/Manifest.permission#RECEIVE_BOOT_COMPLETED

          Allows an application to receive the Intent.ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting. If you don't request this permission, you will not receive the broadcast at that time. Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them. As such, you must explicitly declare your use of this facility to make that visible to the user.

          The RECEIVE_BOOT_COMPLETED permission only 'allows' applications to have themselves running without the user being aware of them.

          • de0u replied to this.

            [deleted] Though holding this permission does not have any security implications, it can have a negative impact on the user experience by increasing the amount of time it takes the system to start and allowing applications to have themselves running without the user being aware of them.

            That makes it sound as if not having the permission does mean the app not only won't get the message but also won't be started, no?
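As an added illustration of the mechanism debated in the replies above (this is example code, not code from any poster, from GrapheneOS or from Vanadium), here is what a "run at startup" app actually consists of on the app side. The permission on its own does nothing; what makes the system create the app's process at boot is a receiver declared in the manifest for `ACTION_BOOT_COMPLETED`, which the system only delivers to apps holding `RECEIVE_BOOT_COMPLETED`. The package name `com.example.bootdemo` and the class name `BootReceiver` are assumed.

```kotlin
// Added example (not code from the thread, GrapheneOS or Vanadium).
// Package name com.example.bootdemo and class name BootReceiver are assumed.
//
// AndroidManifest.xml excerpt that goes with this class:
//
//   <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
//   <application ...>
//       <!-- exported="false": BOOT_COMPLETED is a protected broadcast sent by
//            the system, which may deliver to non-exported components, so other
//            apps cannot invoke this receiver with an explicit Intent. -->
//       <receiver android:name=".BootReceiver" android:exported="false">
//           <intent-filter>
//               <action android:name="android.intent.action.BOOT_COMPLETED" />
//           </intent-filter>
//       </receiver>
//   </application>
//
// Without the <uses-permission> line the receiver is skipped; without the
// <receiver> entry the permission grants nothing. Together they make the
// system start this app's process at boot purely to call onReceive(), which
// is the "auto start" behaviour. Two limits: packages in the stopped state
// (force stopped, or never opened since install) are excluded from implicit
// broadcasts, and the broadcast is sent to each user when that user is
// started, so an app in a profile that is never started never runs.

package com.example.bootdemo

import android.content.BroadcastReceiver
import android.content.Context
import android.content.Intent
import android.os.Process
import android.util.Log

class BootReceiver : BroadcastReceiver() {

    override fun onReceive(context: Context, intent: Intent) {
        // Check the action rather than assuming only the system sends here.
        if (intent.action != Intent.ACTION_BOOT_COMPLETED) {
            Log.w(TAG, "ignoring unexpected action: ${intent.action}")
            return
        }

        // Reaching this point means the system created (or woke) this process
        // to deliver the broadcast; no user interaction was involved.
        Log.i(TAG, "boot completed for user ${Process.myUserHandle()} " +
                   "in package ${context.packageName}")

        // onReceive() runs on the main thread with a short time budget, and the
        // process may be killed as soon as it returns. Anything long-running
        // has to be scheduled (WorkManager or JobScheduler) rather than done
        // here, which is also what the user sees as "running in the background".
    }

    companion object {
        private const val TAG = "BootReceiver"
    }
}
```

A quick way to confirm the behaviour on a device is to install such an app, open it once so it leaves the stopped state, reboot, and look for the `BootReceiver` log line in logcat before the app has been opened again; on a secondary user profile that has not been started after the reboot, the line will not appear.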