I got a new phone. Skipped a few generations and now I'm running the current GrapheneOS, based on Android 15. I've moved most of the apps, but now I'd like to install my 3 banking apps and 5 discount program spyware apps. I guess I best separate them from the rest of the arbitrary stuff. Banking apps so they can't be messed with, and shady discount programs so those apps can't mess with me and my data...
The internet has a lot of information about Shelter, work profiles, the new(?) private spaces... But I don't know what is current advice and what's outdated advice... What's the current best practice?
No that is not correct. I actually use both.
Island etc enables the work profile.
Likely, the work profile uses internally a different, additional user account. But for the device owner there are some differences. Work profile apps you can configure, launch and access directly from the main account. Also there is some limited sharing possible. The notifications are also shared. If you use (multiple) additional user accounts very little is shared. I think the cell phone functionality maybe. Apps are also shared internally but that is not transparent to the user.
Up through Android 14 everything boils down to different programs to manage a work profile. I've always used Shelter or just straight up used the built in work profile support in LineageOS.
I don't know if it's possible to create more than one separate space.
Edit: the only way I've found to make two separate app containers on android <= 14 is a combination of a work profile and Samsung's secure folder. I don't know of any other sandbox technique.
Hmmh, I was looking for info on Android 15 and the future. But you're right. I've enabled the private space now and it seems it's just one. I might have to use a combination of techniques anyways, or something like Shelter... I had hoped there is a single and clear answer to my question 😆
Which to me sounds like 'private spaces' is made for this purpose, while shelter + work profile was a workaround for some time. Since it is new, it might take some time for FOSS apps to implement related features, like being able to launch those apps from your homescreen.
Hopefully someone else comes with better advice :)
Edit: these ones suggests that private spaces is better
Thx for all the links. I've enabled the feature now. I'm not sure if it's meant for both use-cases but I think I'll put the dicount apps from the supermarket there.
As I understand it, the banking apps should benefit most from the default sandboxing in GrapheneOS. I'm not sure there's much benefit in further separation of them is there?
Good question. I mean that's why I wrote exactly what I'm trying to do... And on second thought... I don't want to bury them completely, since I need the bank and PayPal to send me notifications and pop up once I need to confirm some transaction...
Maybe I should just install them as is, and use that private space feature for random stuff that collects my data and sells it to third parties.
I was going to use the new Private Space on A15 for my banking app, until I discovered the apps inside the private space are stopped when you lock it.
This makes it completely useless for me since I need to get notifications from my bank.