All of our features including Contact Scopes, Storage Scopes and sandboxed Google Play have full support for Private Space. We added support for it significantly before the release of Android 15, even before the initial early release of the source code was published in September.
GrapheneOS fully supports the Private Space feature in Android 15, which is essentially a separate user nested inside of the Owner user.
We strongly recommend it as a replacement for a work profile managed by a local profile admin app. It has better OS integration and isolation.
Private Space is an isolated workspace (profile) for apps and data similar to both user profiles and work profiles. All 3 forms of profiles also have entirely separate VPN configuration which is very useful even if you connected to the same VPN, since exit IPs can be separate.
All forms of profiles have separate encryption keys. You can keep a Private Space at rest while the Owner user is logged in just as you can with a secondary user.
Private Space makes it easier to share data than users. The clipboard is shared, but we could add a setting for it.
GrapheneOS users choose to use the OS in different ways. A lot of people largely use open source apps and not sandboxed Google Play. Others use sandboxed Google Play in their main profile. Many use sandboxed Google Play in a dedicated profile to choose which apps use it.
Regardless of how people choose to use sandboxed Google Play, they're regular sandboxed apps without special access. Private Space makes it easier to use a dedicated profile for sandboxed Google Play though.
It's also worth noting you can still use a work profile alongside it.
All of our features including Contact Scopes, Storage Scopes and sandboxed Google Play have full support for Private Space. We added support for it significantly before the release of Android 15, even before the initial early release of the source code was published in September.
Gos needs to let us put on our desktop the private space apps, so we can quick launch them. Its a huge pain in the arse to scroll all the way down to unlock the space then to click on chosen app.
This is common with bank apps. They basically use google as their security instead of programming their own. That's typically why people run a secondary profile with play services enabled.
I havent tried gos yet, but afaik users can enable play services in a sandbox without using a different profile. Are you saying there's another way to fully run play services so sensitive bank apps will work?