regarding #grapheneOS profiles

I watched a video recently about how to set up profiles, apps, etc., for privacy and security. The guy recommended SEVEN profiles: primary (empty), me, kids, finances, work, private, and google.

I think that's overkill. My thoughts:

- primary (blank): yes - it's kind of like the admin account

- me: why? - what goes here that isn't either public (requiring Google Play stuff) or private? ...unless this is a decoy "me" and you plan to just delete 'private' before your device gets got

- kids: yes - actually a decent idea for when they borrow my device

- finances: why? all the fiat bills and banks need KYC and Google Play anyway - btc stuff goes to private anyway

- work: why? all the MSFT stuff needs Google Play Services

- private: yes

- google: why separate?

So that means:

- primary (blank)

- kids (limited apps, controls)

- public (anything that needs Google Play)

- private (all the good stuff)

Tip: install whatever you're going to put on multiple profiles before creating them, especially Obtainium and your chosen keyboard app - speeds up their installation

I'm still figuring this stuff out so drop your pro tips here....


Discussion

...actually, I might just go with

- primary (empty)

- me (public/Google)

- notme (private)

😄

#grapheneOS

If you install the play store and give it perms to install apps Google can see all apps across all profiles anyway. Fact check this but I believe this is the case.

If you install play services it makes sense to benefit from the play store's security with a burner account and if an app is removed or censored use another method to obtain said app.

I can only see the benefit from a main profile and a kids profile. Or just have a main and run FOSS only if that's achievable for your needs.

#GrapheneOS

What you're saying about play services might be true if you install it on the primary profile, but not a subprofile - otherwise what does "sandboxing" even mean?

The Play Services being sandboxed means they are placed in the same sandboxes that other user installed apps would have. What the apps see entirely depends on what you allow via the permission controls. If you are concerned about app communication then use a user profile to separate.

The sandboxed Google Play apps cannot see installed apps by themselves, but, if you are using Play Store to get them then it is likely they'd get an idea. If an independent app includes Google connections or services within them then that is a separate matter. Some also work without it, Firebase Ads and Analytics is an example of a library that works without Google Play services.