1. Randomized Media Device Identifier for Widevine/Media ID

  2. Guest Profile Option to Delete Data But Not Installed Apps (New Profile/No Cache/All the Guest Apps)

  3. Password Protected Options - Require Entering a Password to Change Certain Options (Bluetooth, Airplane Mode, Mic Access, Camera, etc) to prevent accidents

  4. Daisy-chain VPNs: It would be nice to use a VPN prior to forcing all Apps through Tor

  5. Lock to 1 WiFi: I do not need Graphene to search around for additional WiFi options if my primary WiFi is not available. Even with MAC randomization, it's more data than I need to be emitting.

    Cool idea.

    (Your 1st one falls waaaay short of preventing divice fingerprinting, though)

    My list would include:

    1. Duress PIN/passphrase/fingerprint
    2. Amnesic profiles
    3. Working fingerprint after switching profiles (this one's on AOSP, but hey it's a wish list)
    4. App scope (most notably to have gplay installed and chose access to in on a per-app basis instead of having different profiles to do the trick)
    5. Mic/Cam/Location access auto turn off (sort of like app's "only this time" feature)

    Edit: 6. From a recent post: invisible profiles!

      greydson Randomized Media Device Identifier for Widevine/Media ID

      Something similar is planned: https://github.com/GrapheneOS/os-issue-tracker/issues/2314

      greydson Guest Profile Option to Delete Data But Not Installed Apps (New Profile/No Cache/All the Guest Apps)

      There is a guest profile on GrapheneOS already that comes with the default apps. Does that not meet your needs?

      greydson Password Protected Options - Require Entering a Password to Change Certain Options (Bluetooth, Airplane Mode, Mic Access, Camera, etc) to prevent accidents

      Those toggles can't be entered unless the phone is unlocked. If you don't want to toggle them accidentally whilst the phone is unlocked, I suggest removing them from the quick tiles. You will then have to go into Settings to toggle them.

      greydson Daisy-chain VPNs: It would be nice to use a VPN prior to forcing all Apps through Tor

      Not sure about this one.

      greydson Lock to 1 WiFi: I do not need Graphene to search around for additional WiFi options if my primary WiFi is not available. Even with MAC randomization, it's more data than I need to be emitting.

      There is a feature already to turn off WiFi automatically when there are no saved networks available. You can turn WiFi back on when you want to connect to your saved network once again.

      1. Faded app icon for disabled app. When click on app icon it will give the option to enable the app.

      2. Application scope for atleast Google play services to eliminate the user profile.

      3. Exceptions in storage scope. For example, for storage scope if a user want to hide a particular file/folder from app and want to give all files/folders access to app.

      Fantasy🥲:

      1. Ultra pro max battery saver
      2. Wifi hacking tool
      3. Putting phone near to someone's phone to hack them wirelessly like a hacker from movies.
      4. Assistant like Jarvis

        greydson

        Daisy-chain VPNs: It would be nice to use a VPN prior to forcing all Apps through Tor

        You can already do this with apps supporting chaining. They can support passing all the traffic through another app already.

        Lock to 1 WiFi: I do not need Graphene to search around for additional WiFi options if my primary WiFi is not available. Even with MAC randomization, it's more data than I need to be emitting.

        Scanning for Wi-Fi access points doesn't leak data as long as you don't have any saved hidden SSID APs.

        Hb1hf

        Duress PIN/passphrase/fingerprint

        This is being heavily worked on already.

        Amnesic profiles

        You'll need to explain what you want in more detail.

        Working fingerprint after switching profiles (this one's on AOSP, but hey it's a wish list)

        This works already.

        App scope (most notably to have gplay installed and chose access to in on a per-app basis instead of having different profiles to do the trick)

        App communication scopes within profiles are planned, but for now profiles provide it.

        Mic/Cam/Location access auto turn off (sort of like app's "only this time" feature)

        This wouldn't really work since apps would keep it active if they were using it.

          Themble

          Apps from other profiles not visible in current app list (when entering Settings -> Apps).

          This wouldn't hide the installed apps since there are other ways of detecting them such as attempting to install an app with the app id of the app you want to detect with a different signing key than the official one. If it fails to install due to a signature error, the app is installed.

          • [deleted]

          • Edited

          Ram
          Wifi hacking tool
          Putting phone near to someone's phone to hack them wirelessly like a hacker from movies.

          GrapheneOS is not Kali Linux lol

            GrapheneOS

            Thanks for your reply!

            Good to know about duress pin and app scopes!

            Fingerprint access after switching profiles: it's buggy. People report having to use pin/pf in the first time after switching back and for some people it never turns back on. For me some updates make it better, others bring the issue back.

            Amnesic profiles: the idea came from this discussion:
            https://discuss.grapheneos.org/d/6639-can-someone-create-amnesia-mode-for-profiles
            It's basically a profile that keeps no user/app data. It either returns to a blank profile or to a blank + installed apps after being logged out.

            Mic use: it's a shame. Having the mic off except for phone/signal/WhatsApp calls would be great, specially for the phones we set up for family members who are not great privacy enthusiasts, and who won't bother to manually turn the mic back off after every call.

            Oh, and what about invisible profiles, if it's not asking much?

              I would really like a shared folder/files option for different profiles being able to share select files or folders, without having to plug in an external USB-C memory stick. To be able to read select folders or files created in one profile from the owner profile, but not necessarily vice versa.

                TrustExecutor
                if you download Protondrive in both profiles? It is free (limited) and can do the job or am I missing something?
                Even when use different inlog, you can use the share link to the other.

                13 days later
                • [deleted]

                Hb1hf Having the mic off except for phone/signal/WhatsApp calls would be great

                You can select 'Only when in use' when granting Microphone, Location and Camera permissions to any app.