regarding #grapheneOS
Starting to wonder why not just two profiles: primary/main for all the important stuff and "public" or "exposed" or "google" for all the stupid apps that require google services...why not? Any good reason? Wife isn't super tech-savvy so trying to make the transition from her iPhone as painless as possible.
I need to look into Graphene more. I'm tired of Android forcing updates and making my phone annoying to use before I eventually "update" it out of pure frustration.
I have three.
1. Daily driver Foss apps
2. KYC'd
3. Bitcoin on Tor
I'm on Calyx, might try Graphene next, I like the sound of it.
This is a common way people set-up user profiles, no issue with using it this way if you're fine with sacrificing a little user experience.
I watched some guy on YouTube who said we need like 6 profiles, separating finance from work from personal from private from google and one for the kids on top of primary. I think that's...overkill.
Seems we get all the benefit we're after by using the primary as the main/FOSS/private profile, and dump all the Spyware apps into a Google Play "spies" profile.
BTW, I'm loving it. Thank you!
Can be, but unless the threat model calls for it then sure.
I currently have 4 profiles, not counting the Owner which has nothing but a VPN on it for OS updates.
One is for normal use
One for Google Play required apps
One for handling cryptocurrencies separately (that way data is only not at rest when not using it)
One for Tor only usage (very rare and unused)
I rarely use the others to be honest
why do people not want to use the owner/default profile?
Because the data for that is *always* not at rest the moment you unlock the device once after boot. On a user profile you can put data at rest by pressing the end session button, you cannot do that for the Owner because the owner manages crucial OS functions. It is how Android works. To put Owner at rest you need to power off the device or restart it instead.
It's a more extreme move but it adds resistance to attacks especially in forensic situations.
i see that makes sense and thank you for explaining. guess better to know now than later. Is there somewhere can learn more for questions, like how do you setup your apps, do you manage them (is updates) in base owner profile, or in each separate one?
guess I just installed it and didn't go too deep reading the instruction manual, I should do that
Many of that depends on users but I would suggest reading the docs and guides on https://grapheneos.org for it. How and where people get their apps is down to who they trust to do the job.
We have expressed interest in adding Accrescent.app (a privacy and security focused app store) as a mirror to our app repository soon. It's app catalogue is very small and it is in early alpha but it's hopeful users add onto it. When that happens we will recommend users to use Accrescent further.
The forums also exist ( https://discuss.grapheneos.org ) as well for user questions
