Skyway Which apps do you need push notifications for ?
Sadly some mailing apps and social chatting apps that require GSF, play services
Skyway you don't need to install apps in owner and push them to other profiles
This is true, hopefully I didn't communicate the wrong idea here. My point was that OP wants as little "talking" between apps as possible, and therefore it would be best to have as few apps per profile installed as possible. Using the owner profile as command center to install and update all apps for every profile provides simplicity and the smallest number of apps per profile.
If you do install/update apps on every user profile, it's worth mentioning that you should install it from the same source. You cannot install different versions of the same app, e.g. install Mullvad from Play Store on one profile and from Obtainium or Neo Store on another (the second install will fail).
N1b Set up notification forwarding however you desire.
If an app in the owner profile doesn't have network perms and an account signed in, wouldn't that mean there's no notification to push to the user profile? Or am I misunderstanding?
As far as I understand, if I want an app (that depends on google services) in a user profile to get notifs, they need the google trio (services, framework, store)
drinkablederanged yes, in this setup notification forwarding only makes sense for Play Store and Obtainium on the owner profile (and for whatever apps you need notifications from on user profiles). Not all apps need internet access for notifications to be useful (calendar, alarms, games with timer-based reminders, productivity apps like todoist etc).
Would that defeat the purpose of security and privacy of the User profile if I install google's trio + sign into accounts I need notifications for in the owner profile?
mmmm I think the reason it's not more widely considered a hole in security is because it requires the explicit intent of the developer of whatever app you're using to allow a specific app to access that data, then the other developer to program their app to access it. Another app couldn't just access the data by itself. However I would also appreciate the option.
drinkablederanged I can't really answer this. You need to define security and privacy in your threat model, and on GOS everything is more secure and private than on AOSP or Pixel OS by default.
There are things that Sandboxed Google Play Services can do to enable apps to see more stuff about you and also Google will see some stuff, but I'm no expert on the details. My general understanding is that you limit the privacy invasion of Google and other apps substantially and most people wouldn't worry about privacy with Sandboxed Google Play.
If you can find a way to live without the notifications or find alternatives, this is of course the privacy cherry on top. For example: I use Tutanota instead of Protonmail exactly because I want notifications on my private GOS device but no Google Play Services, and Protonmail depends on GSF for notifications unfortunately.
So in short: With your idea of segregating apps over different user profiles and only installing Sandboxed Play in some of them, you should be within most threat models on this forum (maybe you're even overdoing it for your own needs). In the end only you will know, you can check out privacyguides for basic threat modeling if you're not sure where to start.
Thank you for taking the time for the thorough replies, I really appreciate it.
Sometimes I have been thinking of other models that fit with me that I haven't mentioned here and reading more on others' setups to get a better idea, so I think I've settled on a comfortable setup for now, and if I just need something specific, instead of wiping my main profiles again I'll just make a new profile for it
N1b
hey! I've been looking on the forum for different options on how to initially set up my new gos device, and this suggestion from you looked the most interesting for my use case, I really appreciate the time you took to write it out detailed enough for anyone to understand, also appreciated ur comment on keyboard + offline speech to text suggestion in a different thread. I was hoping you could help me clarify a couple of things on this version of set-up.
P.S It is my intent to disable all 3 elements of the gPlay on the owner profile and re-enable them only when performing updates
Would really appreciate your or anybody else's input.
Cheers!
also a quick question - just now setting up a 2nd profile and the settings said that I can update and install apps from any profile.
so the 4th question would be - why manage all the apps on the owner - wouldn't it be more logical to create an 'app manager profile' and use that to do the updates?
Thanks!
edit:
I think the settings notification is wrong or I misunderstood as I don't see a way to install the apps from the secondary profile to the owner
MrStreisand thanks for the kind words!
I lack the experience to know all the downsides to a "many user profiles" approach. You'll definitely miss some settings on user profiles compared to owner (e.g. WiFi and Bluetooth timeout are set globally in the owner profile, developer settings can't be unlocked etc.), but that can also be a good thing since it increases security (and dev settings are not recommended in general). Maybe using many profiles has some significant storage or battery usage impact since they can stay active in the background. And you'll have to set up a VPN per profile, which is intentional, but it uses up your device slots in your VPN subscription (e.g. 5 profiles would use up one entire Mullvad license). There are probably more downsides, let's hope someone else can point them out.
Often the app is the same on gPlay and via Obtainium (it is with Signal). When this is the case, I'd use the gPlay version for convenience and security. Obtainium is a great complementary tool for when you want to use apps like Newpipe, replace or extend Signal with Molly (or get a beta version of Signal), use the full IVPN feature set or have apps like Simple Gallery Pro for free. There are many good reasons to have both sources, but I'd say more often than not gPlay would be my main source.
No, every app can decide for itself what it collects and sends out. You can control the borders the app operates in (with storage and contact scopes, network and sensor permission, DNS firewall etc.) but if an app uses Google trackers and can send stuff to Google, it will do so, independently of its installation source or whether you use Play Services or not. At least that's my understanding and why I prefer FOSS software with no Google implementations whenever possible and reasonable.
As I understand it you can install and update apps on any profile (and identical apps will be updated for every profile simultaneously), but you can only push apps from the owner profile to user profiles. So in order to have this "one profile is the control and update center" approach, it must be the owner.
Hope this helps you and also triggers more educated people than me to comment and add ideas or correct me if I got anything wrong.
N1b hello, I too am researching about profile set ups. There seems to be a lot of good posts about this, however how exactly does one set up different profiles in graphene?
Specifically how would I log out and in to each profile?
Apps like Facebook messenger I don't like sitting right next to Signal app (for instance). Is this a legitimate concern, or would creating another profile on the same phone not help?
Thank you.
K8y the setup is in Settings -> System -> Users. Whether it makes sense to use user profiles for you is totally up to your needs and desires.
I recommend you make a threat model and familiarize yourself with how user profiles work.
In the end it could be great for separating installation and usage, compartmentalization or simply for keeping work and private life apart. There's also the recent feature called private space which could replace setting up a user profile. Again: There are no general answers and I recommend keeping it simple until you can explain why you need to make your setup more complex. GOS with default settings is very, very good for your security and privacy.
K8y then you could
In my opinion you won't have to worry about security on GOS. The app sandbox is very good, and your issues probably lie elsewhere. Meta apps in the same profile can share data with other apps with mutual consent (between the app developers). Also if you use Play Services, you'll share some data with Google too. That's rather the issue you could solve with user profiles.
K8y pulling notifications all the way down on the lockscreen reveals the user icon and the fact you use multiple profiles.
To my knowledge no privacy frontends to FB Messenger exist and even if they did, anyone with physical access to the unlocked device would discover them. So for the purpose of travelling, if you suspect such a thing is possibly going to occur, only complete uninstallation is a viable choice. Luckily FB Messenger is a cloud-based service, so restoring it takes a very short amount of time.
N1b There's also the recent feature called private space which could replace setting up a user profile.
How does one do the private space and what exactly does it do? I tried switching profiles, but like you said there is a very obvious icon that informs people you are on the alternative profile. Maybe Graphene can make this more discreet and under the radar of prying third world airport security checkers.
K8y this video explains it well.