Can someone create amnesia mode for profiles?

cgro0550

I would really like an Amnesia mode that deletes every cache and all storage by default upon exit once things are set up. I want to install all the Apps I want, install extensions on browsers or in Apps, create everything in a way I like, then freeze the profile so that anytime I exit it will go back to the frozen state. The reason for this is Grapheme does not have great protection if a phone is stolen by someone with lots of resources (ie government adversary, company with large budget, etc). There is a good chance if the phone is stolen it will not be encrypted at the time and a sophisticated adversary will gain access. My concern is data in the cache could be used without authorization. I don't want to have to clear the cache for all Apps or recreate a profile each time.

Is there an amnesiac option already for profiles?

treequell

cgro0550 Does this meet your requirements: https://grapheneos.org/features#end-session?

In Settings you can optionally disable the ability for the user to run in the background, which means that every time you switch away from the user, it will be put to at rest automatically.

Sazo

treequell
I think he wants a way to back up a profile and restore it every time you exit/reactivate the profile, like how you can do with some virtual machines.

Hb1hf

Sazo not restoring from the point it was last used, but from the point it was first set up.

An alternative solution would be to set up a profile that's never to be used. Instead, every time it's cloned, and then the clone is used and then deleted.

Amnesic profiles are a great idea. It's the closest thing to a mobile version of using a live OS.

Sazo

Is there a way to back up and restore a profile to a new one under owner, without adb restore?
Outside of setting up new profiles and freezing them by not running, guest profiles might be the best option

Sazo

Hb1hf not restoring from the point it was last used, but from the point it was first set up.

yea, that's when you use save states, you can set up all your build tools and save the vm state, so you can do whatever modifications you want without borking the system.
Finding a way to back up and restore a profile without needing to using adb could emulate it, so something like titanium backup? You can make a new profile and pull in all your old data from a USB drive.

BlueSky

Hb1hf

That would be such an awesome feature to have!! It would be the cleanest and fastest way to achieve this. Cloning a the user profile should be quick and deleting one even quicker. No Problems that files are beeing locked etc. Everything is deleted. No need for a 15 (or longer) character Password....

treequell

Sazo You can make a new profile and pull in all your old data from a USB drive.

You can do that already with the OS backup service, Seedvault.

cgro0550

treequell Is this easy to do or is this time-consuming? I want a quick amnesiac qube with settings the way I want, not a long restore process each time I do something

N3rdTek

treequell this isn't the first time I've seen you continually recommend this, if you don't mind me asking why do you keep recommending a broken backup option that doesn't actually restore anything?
It's far from a secret that seedvault is basically worthless in GoS

treequell

cgro0550 I don't think Seedvault would meet your requirements.

Whilst it doesn't meet your requirements either, when you log out of a user, the data is encrypted at rest. If you choose to secure the user with a password with at least 90-bit of entropy, the user is secure against brute force attacks, without needing to trust the rate limiting of the Weaver token. That would be the approach I would personally use in your case. For more information, I suggest reading: https://grapheneos.org/faq#encryption

treequell

N3rdTek I would not go so far as to say I recommend Seedvault. I do not use it myself because of its reliability issues and prefer to do backups manually.

That said, for people who want automated backups it is the only option on GrapheneOS. That is why I have suggested when people have asked for an automated backup solution.

Whilst it is unreliable, it is not true that it doesn't work whatsoever. Many GrapheneOS users have used Seedvault for backup and restore.