Randomized Media Device Identifier for Widevine/Media ID
Guest Profile Option to Delete Data But Not Installed Apps (New Profile/No Cache/All the Guest Apps)
Password Protected Options - Require Entering a Password to Change Certain Options (Bluetooth, Airplane Mode, Mic Access, Camera, etc) to prevent accidents
Daisy-chain VPNs: It would be nice to use a VPN prior to forcing all Apps through Tor
Lock to 1 WiFi: I do not need Graphene to search around for additional WiFi options if my primary WiFi is not available. Even with MAC randomization, it's more data than I need to be emitting.
Graphene Wishlist
- Edited
Cool idea.
(Your 1st one falls waaaay short of preventing divice fingerprinting, though)
My list would include:
- Duress PIN/passphrase/fingerprint
- Amnesic profiles
- Working fingerprint after switching profiles (this one's on AOSP, but hey it's a wish list)
- App scope (most notably to have gplay installed and chose access to in on a per-app basis instead of having different profiles to do the trick)
- Mic/Cam/Location access auto turn off (sort of like app's "only this time" feature)
Edit: 6. From a recent post: invisible profiles!
greydson Randomized Media Device Identifier for Widevine/Media ID
Something similar is planned: https://github.com/GrapheneOS/os-issue-tracker/issues/2314
greydson Guest Profile Option to Delete Data But Not Installed Apps (New Profile/No Cache/All the Guest Apps)
There is a guest profile on GrapheneOS already that comes with the default apps. Does that not meet your needs?
greydson Password Protected Options - Require Entering a Password to Change Certain Options (Bluetooth, Airplane Mode, Mic Access, Camera, etc) to prevent accidents
Those toggles can't be entered unless the phone is unlocked. If you don't want to toggle them accidentally whilst the phone is unlocked, I suggest removing them from the quick tiles. You will then have to go into Settings to toggle them.
greydson Daisy-chain VPNs: It would be nice to use a VPN prior to forcing all Apps through Tor
Not sure about this one.
greydson Lock to 1 WiFi: I do not need Graphene to search around for additional WiFi options if my primary WiFi is not available. Even with MAC randomization, it's more data than I need to be emitting.
There is a feature already to turn off WiFi automatically when there are no saved networks available. You can turn WiFi back on when you want to connect to your saved network once again.
- Only unlocking Owner profile prevents auto-reboot.
1 Randomized Media
Device and hardware Identifiers
2 Duress PIN that can lead into a Secondary profile
3 Location Scopes
Apps from other profiles not visible in current app list (when entering Settings -> Apps).
Themble This is a very important feature, I hope they implement this.
Faded app icon for disabled app. When click on app icon it will give the option to enable the app.
Application scope for atleast Google play services to eliminate the user profile.
Exceptions in storage scope. For example, for storage scope if a user want to hide a particular file/folder from app and want to give all files/folders access to app.
Fantasy🥲:
- Ultra pro max battery saver
- Wifi hacking tool
- Putting phone near to someone's phone to hack them wirelessly like a hacker from movies.
- Assistant like Jarvis
Daisy-chain VPNs: It would be nice to use a VPN prior to forcing all Apps through Tor
You can already do this with apps supporting chaining. They can support passing all the traffic through another app already.
Lock to 1 WiFi: I do not need Graphene to search around for additional WiFi options if my primary WiFi is not available. Even with MAC randomization, it's more data than I need to be emitting.
Scanning for Wi-Fi access points doesn't leak data as long as you don't have any saved hidden SSID APs.
Duress PIN/passphrase/fingerprint
This is being heavily worked on already.
Amnesic profiles
You'll need to explain what you want in more detail.
Working fingerprint after switching profiles (this one's on AOSP, but hey it's a wish list)
This works already.
App scope (most notably to have gplay installed and chose access to in on a per-app basis instead of having different profiles to do the trick)
App communication scopes within profiles are planned, but for now profiles provide it.
Mic/Cam/Location access auto turn off (sort of like app's "only this time" feature)
This wouldn't really work since apps would keep it active if they were using it.
Apps from other profiles not visible in current app list (when entering Settings -> Apps).
This wouldn't hide the installed apps since there are other ways of detecting them such as attempting to install an app with the app id of the app you want to detect with a different signing key than the official one. If it fails to install due to a signature error, the app is installed.
Any word on location Scopes
[deleted]
- Edited
Ram
Wifi hacking tool
Putting phone near to someone's phone to hack them wirelessly like a hacker from movies.
GrapheneOS is not Kali Linux lol
Thanks for your reply!
Good to know about duress pin and app scopes!
Fingerprint access after switching profiles: it's buggy. People report having to use pin/pf in the first time after switching back and for some people it never turns back on. For me some updates make it better, others bring the issue back.
Amnesic profiles: the idea came from this discussion:
https://discuss.grapheneos.org/d/6639-can-someone-create-amnesia-mode-for-profiles
It's basically a profile that keeps no user/app data. It either returns to a blank profile or to a blank + installed apps after being logged out.
Mic use: it's a shame. Having the mic off except for phone/signal/WhatsApp calls would be great, specially for the phones we set up for family members who are not great privacy enthusiasts, and who won't bother to manually turn the mic back off after every call.
Oh, and what about invisible profiles, if it's not asking much?
I would really like a shared folder/files option for different profiles being able to share select files or folders, without having to plug in an external USB-C memory stick. To be able to read select folders or files created in one profile from the owner profile, but not necessarily vice versa.
TrustExecutor You can achieve that with a third-party app like Syncthing.
- Edited
A reliable backup system
TrustExecutor
if you download Protondrive in both profiles? It is free (limited) and can do the job or am I missing something?
Even when use different inlog, you can use the share link to the other.
[deleted]
Hb1hf Having the mic off except for phone/signal/WhatsApp calls would be great
You can select 'Only when in use' when granting Microphone, Location and Camera permissions to any app.
Vanadium bookmark export/import by downloading/uploading a file.