spiral

I’ve been a long term user of GOS but have recently dipped my toe into the pool of Googled Androids. I’ve spent a couple of months with the OnePlus 12 and find it to be a fantastic device from a usability standpoint but am irked by its clear privacy/security issues, i.e. that OnePlus is owned by Oppo, plus all the normal problems that come with regular Android.

I am using the OP12 as an everyday phone and not for anything sensitive, however i am curious to what degree the OP12 might be more easily broken into if in LEO’s hands than would an iPhone, GoS Pixel or regular Pixel.

van2z

Scopes is nothing like having a completely separate user profile and though I don't use Shelter or similar I think scopes is pretty different from that as well.

Speeduser7533

Currently, you can choose to disable fingerprint for authenticating access to the phone (i.e., require passcode/password for entry into phone) while still allowing fingerprint to work for all other functions once you're inside the user profile.

Settings > Security > Fingerprint unlock > [enter pin or passcode] > use for screen unlocking

Psycowave

There's no real "best practice," it just depends on a person's use case and preferences.

Similar to how, in Linux for example, one's main User should not have unlimited sudo permissions, it can be considered a good idea to have your daily driver User on GoS inside of a secondary user. Since certain core settings for the OS can only be accessed from the Owner profile, using a secondary User can limit exposure to these settings if, for instance, your phone is snatched out of your hand while inside a secondary user.

Amazing. Thank you Devs, another huge feature added.

https://grapheneos.org/donate

Kai1

Thanks for this excellent breakdown.

strict-marsh

There is no "best practice" which will be recommended by GoS.

You're not gonna have all the answers before you set your phone up. Alot is this just trial and error, and testing.

Vagabond8630

When I wrote that my Owner profile is blank, I meant blank - there is currently nothing there. It looks exactly like a freshly-installed GoS Owner account.

Your description of my Owner and User profiles is what I want to change to, where the Owner profile would indeed not be blank.

Answering your questions:

1. Yes, this is what I want Owner to look like - essentially a package manager for the rest of the User profiles.

2. Already answered but to reiterate, when I wrote "blank" I meant totally blank. That is how my setup is now, which I've determined to be not ideal and would like to change.

3. The benefit from such a setup is: easier setup for User profiles.

I commonly use many of the same apps across profiles. Molly/Some type of keyboard/FairEmail/Protonmail etc.. Currently (in other words, with a blank Owner) it is tedious to configure User profiles which share common apps.

As you likely are aware, apps cannot be pushed from one User to another User, nor can they be pushed from any User to Owner. Apps can only be pushed from Owner -> User. Ergo, designating a User profile to be the package manager is limiting, at least so in my opinion. I will be changing my phone's setup to mirror pretty much exactly your description for "Owner Profile and Secondary Profile."

strict-marsh

You simply go to the user profile where you accidentally installed it, and uninstall it exactly like you'd uninstall any app.

If you have one app installed across five profiles and you want that app globally uninstalled, you currently must go into each of the profiles and manually uninstall every instance of that app.

dashorn

Automatic backups?

Hb1hf

Yup. It happens to me on a P8P, same as it did on a 7.

Now, when switching profiles and the password/code screen comes up, I simply press the power button to turn off the display, then press it again. From here, fingerprint sensor is available.

mmmm

Excellent!

mmmm

I think you simply need to do a test run to see how it works.

You don't have to uninstall them from the secondary profile if you don't want to.

It doesn't matter in which profile an app is located. Wherever that app gets updated, it will get updated in all other profiles as well.

It also doesn't matter if you update the apps inside Owner, nor profile 2, nor profile 3, etc.. in whichever the app gets updated, it'll then be updated universally.

In my case, I want to have all my apps being updated in Owner SIMPLY because I want to be able to push apps to new profiles quickly and easily. With my current setup (Owner is blank, Profile 2 is daily driver with most of the apps/Play Store) I cannot easily install apps into other profiles. To install them in other profiles I would have to, for instance, 1) download the APK to a USB drive and manually move them 2) install Google Play Services THEN log into my Play account THEN download those same apps. All that instead of being inside Owner profile, going to Settings -> System -> Multiple users, and installing the apps from there.

mmmm

Install them into the owner profile using the same source which you installed them from in the secondary profile.

Example - if you installed the apps in Secondary using Play Store, simply use Play Store to install them into Owner. If GitHub, use GitHub.

Android will not let you install the same APK from different sources, if you try an error will be thrown. Whatever existing APK you install into owner must come from the same source as what was installed in Secondary AND must be at an equal-to or higher-than version number compared to what exists in Secondary.

If you have multiple apps installed into Secondary which come from multiple sources and you aren't sure which app came from where, you can view the App Store source for that app by long-pressing on the App, selecting "Info" and then scrolling nearly to the bottom. There, under "App details'" the app source should be listed.

mmmm

Well currently, my Owner profile actually has nothing in it.

I want to change it to where owner profile is the "App Manager" for all the profiles.

There isn't much to mess up. Simply install the apps in Owner, then push them to whichever Secondary profiles you'd like them to be inside of.

I've configured my GoS phone many different ways. As I go along, ometimes i may find a need to change it up from what I've been doing. There aren't any wrong answers.

mmmm

Ahh, I had to look back and see what I wrote!

"Blank" meaning empty, where my "daily driver" profile is a secondary one.

I'm about to alter this slightly, though, by having the Owner profile contain every (or nearly every) app necessary for all profiles since apps can only be pushed to secondary profiles from Owner. I will still continue to use a secondary profile as my daily driver.

Oggyo

Thanks for this.

geovanni

Google Play Services may need to be installed before you install n-track. Additionally, Google Play Services probably needs network permissions to be allowed.

ryrona

MDM is a very popular thing. Pretty much any company which issues their employees laptops or mobile devices of any kind will be managed (MDM = Mobile Device Management) by the company through MDM.

Your assumption about using a private sim is not necessarily correct. It's possible that through an MDM you wouldn't even be able to use a private or secondary sim as they would disallow it.

If a device has an MDM on it that basically means the device will use any available network connection to "phone home" for the sake of validation. If the device serial number/IMEI has been blacklisted or selected for remote wipe, the device is toast.