this post was submitted on 22 Oct 2024
52 points (100.0% liked)

GrapheneOS [Unofficial]

1712 readers
10 users here now

Welcome to the GrapheneOS (Unofficial) community

This feed is currently only used for announcements and news.

Official support available on our forum and matrix chat rooms

GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.

Links

More Site links

Social Media

This is a community based around the GrapheneOS projects including the hardened Android Open Source Project fork, Auditor, AttestationServer, the hardened malloc implementation and other projects.

founded 3 years ago
MODERATORS
 

GrapheneOS fully supports the Private Space feature in Android 15, which is essentially a separate user nested inside of the Owner user.

We strongly recommend it as a replacement for a work profile managed by a local profile admin app. It has better OS integration and isolation.

Private Space is an isolated workspace (profile) for apps and data similar to both user profiles and work profiles. All 3 forms of profiles also have entirely separate VPN configuration which is very useful even if you connected to the same VPN, since exit IPs can be separate.

All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.

Private Space makes it easier to share data than users. The clipboard is shared, but we could add a setting for it.

GrapheneOS users choose to use the OS in different ways. A lot of people largely use open source apps and not sandboxed Google Play. Others use sandboxed Google Play in their main profile. Many use sandboxed Google Play in a dedicated profile to choose which apps use it.

Regardless of how people choose to use sandboxed Google Play, they're regular sandboxed apps without special access. Private Space makes it easier to use a dedicated profile for sandboxed Google Play though.

It's also worth noting you can still use a work profile alongside it.

All of our features including Contact Scopes, Storage Scopes and sandboxed Google Play have full support for Private Space. We added support for it significantly before the release of Android 15, even before the initial early release of the source code was published in September.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Broken@lemmy.ml 2 points 3 weeks ago (1 children)

GOS play services are sandboxed by default, it's how they implement it. The sandbox just keeps it from having full system root integration so its not in everything by default like normal android. It still is full play services though.

What I'm saying is that if you don't want that on your phone but you do want to use apps that rely on it then you can set up a secondary profile. On the second profile install play services and any apps that need it. That way its segregated from your main activity. Other profiles are essentially viewed as their own phone installation so they dont talk to each other.

[โ€“] heyfrancis@lemmy.ml 1 points 3 weeks ago

Oh ok. But just to be clear (IIUC) if the app uses or requires Play Integrity api, it won't work in GOS even if I use a 2nd profile for play services?