Why create extra users at all?

theprivacydad

Hello, I am new to GrapheneOS and new to this forum. I write The Privacy Dad blog and am currently trying out GrapheneOS on a Pixel 7a.

My experience has been good so far, and a lot of that thanks to the excellent online documentation, which is clear and concise.

There is one point that seems contradictory to me which is combining sandboxed Google Play with different user profiles. I don't understand why multiple profiles are necessary if Google Play is sandboxed.

In the FAQ, I read this:

Users can choose to install Play services in specific profile(s) to control which apps can use it.

and in the usage section:

Since the Google Play apps are simply regular apps on GrapheneOS, you install them within a specific user or work profile and they're only available within that profile. Only apps within the same profile can use it and they need to explicitly choose to use it. It works the same way as any other app and has no special capabilities. As with any other app, it can't access data of other apps and requires explicit user consent to gain access to profile data or the standard permissions. Apps within the same profile can communicate with mutual consent and it's no different for sandboxed Google Play.

My question is: why is there a need for installing additional user profiles at all, if I can install a handful of apps from the Play Store and the rest from Droid-fy and Aurora? Will the Play Store somehow pick up on the existence of Aurora downloaded apps?

Thanks,
TPD

spring-onion

Hi and welcome.

theprivacydad Will the Play Store somehow pick up on the existence of Aurora downloaded apps?

Every app can figure out what other apps are installed in the same profile. Does this pose a meaningful privacy risk? Only you can decide.

There's the common setup of having one "clean" profile without the play services, and a second one where you do install them to put everything else in there that may depend on them, like your banking app for example.

You may not always want an app to be able to use play services (or talk to anything else really). As you quoted, apps can communicate with each other if they both agree to. This is done via interprocess communication (ipc). I remember someone in the community disabled network access to an app (I think it was a game) and yet it kept displaying ads because the play store had internet connectivity still.

At the end of the day there is no right or wrong here. It depends on your use case, you don't do anything inherently wrong by staying on the owner profile exclusively.

spiral

theprivacydad

Why is there a need for installing additional profiles...

Who says there is a need? You don't have to install additional profiles if you don't want to.

There are any number of reasons why someone would want to use a separate/additional profile. Perhaps one for business, one for pleasure. Maybe a profile ONLY for texting Grandma, one which does not have dictionary entries full of the normal foul language that gets typed on a daily basis, rendering potentially embarrassing autocorrects very unlikely. Maybe a profile which contains sensitive information that would best be kept encrypted, at rest, which would not be possible if that sensitive info was a part of the Owner profile.

Lots of people do not use additional profiles, I'm sure. There's no requirement to do so.

User2288

theprivacydad

Read this:

https://discuss.grapheneos.org/d/8985-new-grapheneos-user-adtech-mitigation/6

theprivacydad

User2288 Thanks, that is what I was looking for.

vcmj

One of the reasons I use another profile is that when you hit "End Session" it shuts the profile down, literally like the "virtual device" that represents it is powered off. Lots of apps use sneaky tricks to try and start their background services any way they can. Can't do that when the profile is shut down. You can just disable nasty apps when you're not using them, but using a profile is more convenient, at least for me.