• General

  • Help me understand the best user profiles + work profiles set up for me

Hey all,

I've been doing a lot of reading on here, the FAQs, reddit and videos, but I'm still not entirely sure what is the best setup for me.

What I need

  • push notifications
  • making sure apps don't "talk" to each other or to someone else with my data (afaik, apps don't talk to each other unless they have read/write perms? Does that mean a setting elsewhere or does that mean 2 apps with let's say "network" permissions both enabled?)

Originally I was running the following:
Owner:
All apps installed, no accounts signed in, Google Play Services, Google Play Store, Google Services Framework (GSF) installed

User Profile 1:

  • All of the above installed (minus banking and shopping apps)
  • No google accounts signed in
  • play store apps (via aurora) installed, signed in with non-google accounts
  • FOSS apps installed via neo store, signed in

U Profile 2:

  • Banking apps
  • Play services, GSF installed, no play store

U Profile 3:

  • shopping apps
  • Play services, GSF installed, no play store

The Owner installs everything and then give only what was needed on each profile.

But after doing some digging, I was thinking of the next setup:

Owner
Personal Profile

  • social apps, general use (both are a mix of aurora store and FOSS installs)

Work Profile

  • play services, GSF, play store
  • google related apps, apps from the play store/aurora

User Profile 1

  • banking apps

U Profile 2

  • shopping apps

If I do go with the next set up, do apps have any chance of accessing and manipulating administration settings...?

Tips and suggestions are welcome to help me better understand the OS and so i can make an informed decision.

    • [deleted]

    • Post #2

    drinkablederanged apps don't talk to each other unless they have read/write perms?

    What do you mean by 'read/write perms'? Apps can talk to each other mutually without requesting any type of permission from the user

    drinkablederanged do apps have any chance of accessing and manipulating administration settings...?

    What do you mean by 'manipulating administration settings'? Apps can't mess up with sensitive stuff in your system but they can still do a lot of not-sensitive stuff

          [deleted] What do you mean by 'read/write perms'? Apps can talk to each other mutually without requesting any type of permission from the user

          I was reading this bit here https://grapheneos.org/faq
          "Apps do not have access to user data by default and cannot ever access the data of other apps without those apps going out of the way to share it with them. If apps are granted read access to user data like media or contacts, they could use it to identify the profile. If apps are granted write access to user data, they could tag it to keep track of the profile"

          [deleted] What do you mean by 'manipulating administration settings'? Apps can't mess up with sensitive stuff in your system but they can still do a lot of not-sensitive stuff

          Okay good to know

                • [deleted]

                • Post #5
                • Edited

                drinkablederanged

                "Apps do not have access to user data by default and cannot ever access the data of other apps without those apps going out of the way to share it with them."

                The bolded part is the key here, hence the mutual part, any app can give another app permission to talk to it without any user interaction. But both apps have to participate. It's called IPC. It does not require network permission at all. If the apps are in the same profile they can potentially IPC period.

                    [deleted]

                    This is such an annoying aspect, aside profiles there is no way to disable this? Or even tell it’s happening? I assume that this is something that apps can do in iOS ecosystem also, or is it an Android thing?

                        • [deleted]

                        • Post #8

                        mmmm Something like scopes for IPC is something that's been discussed quite a bit not sure if they are planning to do it.

                            drinkablederanged just wondering: What do you need Aurora and Neo Store for on the user profiles if you install all apps in the owner profile anyway? Wouldn't it decrease your attack surface if only the owner profile has the stores and does the updates? The owner profile won't have any app containing user data (so "talking" is not much of a risk factor) and all user profiles are as minimal as possible (without app stores, therefore also less potential "talking"). You could even deactivate network permission for all user apps on the owner profile so they can share data but not send it.

                            In your threat model, you'd probably have autoreboot turned on or at least a good habit for updates. You could do a daily reboot, sign in to the owner (which you'll have to) and use that occasion to check for updates.

                            PS: You can read a lot on this forum about work profiles being inherently less secure and private, so I don't get why you'd go from only user profiles to a work profile alongside user profiles. But that's another topic.

                                N1b
                                Interesting, just so I understand you correctly, how does that look? eg.
                                Owner:
                                Aurora, Neo

                                User profile 1:
                                Apps desired

                                From my understanding, Owner installs and distributes to user profiles.

                                Today I spent time learning about RSS and Obtainium, so I'm guessing those also stay on the owner profile?

                                Now I'm thinking for Play Services and Play Store on User Profile 1 for notifications, then another part of me is saying "defeats the whole purpose of this profile cause of IPC" or am I thinking wrong?

                                    drinkablederanged yes you pretty much got it right. I guess you could keep it simple by choosing only 2 "store" apps:

                                    • Play Store or Aurora for apps you need from Google (e.g. banking apps)
                                    • Optainium, Droid-ify vor Neo Store for anything else

                                    There are many threads on here discussing the differences. Those 2 apps of your choice are in your owner profile to install and update all needed apps and then you push them to as many user profiles as you wish for your threat model. If you need Google Play Services for notifications, you should install it according to the official guide.

                                    I don't use Sandboxed Play Services like this, but I suspect some apps will only function properly if installed after you installed Play Services first. Here's what I would do when setting up GOS from scratch with your requests:

                                    1. Set up the owner profile (settings like disable sensor permission by default, screen timeout, wifi timeout, auto reboot etc.).
                                    2. Set up all desired user profiles and install Sandboxed Play Services on the profiles that need them.
                                    3. Install "app stores" on owner profile (I'd choose Play Store and Obtainium for security reasons) and install all your apps, disable network access right away (uncheck box upon installation).
                                    4. Push the apps to their respective profiles, disable app installation on all user profiles. Set up notification forwarding however you desire.
                                    5. Complete setup of user profiles (settings, logging into apps etc.).

                                    I have not done this myself as my threat model requires me to use 2 devices, but each without user profiles. Therefore this is theoretical, maybe wait a day or two for more experienced people to discover any flaws in this idea.

                                        drinkablederanged

                                        Your last "thinking" set-up, has the banking apps in a profile without Google, you get push notifications? I thought banking apps need Google to work, mine does.

                                        You can download Obtainium in another profile, no need to download in the owner profile for look and download apps you want. Easy to understand is that each profile is like another phone you have, that's why need to set-up all settings from start in a new profile. And in the owner profile you can see all apps downloaded in your phone, meaning in all profiles, but if for your example you have download Tor in profile 2, you can see this in the owner profile, but you can't use this app in the owner profile. Apps downloaded in the owner profile can if you enable them, "push" to another profile so you no need to download them again, this is only for the owner profile, and not the other way around.

                                            drinkablederanged you don't need to install apps in owner and push them to other profiles . you can install in the profile you want them in .
                                            If you install an app in user profile 2 it can be pushed to any profile besides owner via the owner setting .
                                            The owner profile can be blank if you wish .
                                            Which apps do you need push notifications for ?

                                                88dotorg Your last "thinking" set-up, has the banking apps in a profile without Google, you get push notifications? I thought banking apps need Google to work, mine does.

                                                For my needs, I don't require notifications for my banking apps, all I need them to do is to check and manage my balance, I don't think I remember if my banking apps even send me notifications for anything, they always send through SMS (yeah I know, real bad).

                                                  Skyway Which apps do you need push notifications for ?

                                                  Sadly some mailing apps and social chatting apps that require GSF, play services

                                                    Skyway you don't need to install apps in owner and push them to other profiles

                                                    This is true, hopefully I didn't communicate the wrong idea here. My point was that OP wants as little "talking" between apps and therefore it would be best to have as little apps per profile installed. Using the owner profile as command center to install and update all apps for every profile provides simplicity and the smallest amount of apps per profile.

                                                    If you do install/update apps on every user profile, it's worth mentioning that you should install it from the same source. You cannot install different versions of the same app, e.g. install Mullvad from Play Store on one profile and from Obtainium or Neo Store on another (the second install will fail).

                                                      N1b

                                                      N1b Set up notification forwarding however you desire.

                                                      If an app in the owner profile doesn't have network perms and an account signed in, wouldn't that mean there's no notification to push to the user profile? Or am I misunderstanding?

                                                      As far as I understand, if I want an app (that depends on google services) in a user profile to get notifs, they need the google trio (services, framework, store)

                                                      • N1b replied to this.

                                                            drinkablederanged yes in this setup, notification forwarding makes only sense for Play Store and Obtainium on owner profile (and for whatever apps you need notifications from on user profiles). Not all apps need internet access for notifications to be useful (calendar, alarms, games with timer based reminders, productivity apps like todoist etc).

                                                                N1b

                                                                Would that defeat the purpose of security and privacy of the User profile if I install google's tro + sign into accounts I need notifications for in the owner profile?

                                                                • N1b replied to this.