mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-01 17:22:39 +00:00
Apply minor style suggestions from code review
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
@ -29,7 +29,7 @@ While originally intended for multiple people, there are a number of advantages
|
||||
|
||||
### Isolating Apps
|
||||
|
||||
Apps installed in one user profile cannot communicate with apps installed in a different user profile. It is not possible to access the app data or storage of one user from a different user at all, the workspaces are completely isolated.
|
||||
Apps installed in one user profile cannot communicate with apps installed in a different user profile. It is not possible to access the app data or storage of one user from a different user at all. The workspaces are completely isolated.
|
||||
|
||||
If you have multiple accounts with any apps that don't support multiple logins, this feature can really come in handy. Using multiple users allows you to have multiple, independent copies of an app installed on your device, one per user. Each app install can be logged in with different credentials and have access to different data.
|
||||
|
||||
@ -43,9 +43,9 @@ This could come in handy if you have two different sets of contacts, say, a work
|
||||
|
||||
It is also possible to end the sessions of secondary users, which puts its data at rest (a more secure state) and stops its apps from running in the background.
|
||||
|
||||
This is particularly relevant when using a [custom ROM](https://www.privacyguides.org/en/android/distributions) with non-system Google Play Services, such as Sandboxed Google Play on GrapheneOS. For example, you could have a secondary user with Google Play Services, and a primary user without, letting you choose when exactly you are making connections to Google. We'll delve deeper into this example later on.
|
||||
This is particularly relevant when using a [custom ROM](https://www.privacyguides.org/en/android/distributions) with non-system Google Play Services, such as sandboxed Google Play on GrapheneOS. For example, you could have a secondary user with Google Play Services, and a primary user without, letting you choose when exactly you are making connections to Google. We'll delve deeper into this example later on.
|
||||
|
||||
Additionally, each user makes its own independent [VPN](https://www.privacyguides.org/en/vpn/) connections. If you have two user sessions running, they could be connected to different VPN providers, different countries, or you could have one user connected to a VPN and one that doesn't use a VPN at all.
|
||||
Additionally, each user makes its own independent [VPN](https://www.privacyguides.org/en/vpn) connections. If you have two user sessions running, they could be connected to different VPN providers or different countries. You could even have one user connected to a VPN and one that doesn't use a VPN at all.
|
||||
|
||||
### GrapheneOS Specific
|
||||
|
||||
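Review bot: The unchanged context line at the top of this hunk, "end the sessions of secondary users, which puts its data at rest (a more secure state) and stops its apps from running", pairs the plural "users" with the singular "its". Since this commit is a style pass over the same paragraph, either make the subject singular ("end the session of a secondary user") or use "their data" and "their apps".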
@ -59,25 +59,25 @@ If you use [**GrapheneOS**](https://www.privacyguides.org/en/android/distributio
|
||||
|
||||
When it comes to juggling multiple users, the best approach will always be highly dependent on your data, the apps you use, and your typical workflows.
|
||||
|
||||
It's important to think about how **you** use your device, because you might use apps in conjunction with one another in ways that someone else might not. Similarly to [Qubes](https://www.privacyguides.org/en/os/qubes-overview/), the correct number of isolated users and the apps you install within them is basically subjective, there's no "best" approach.
|
||||
It's important to think about how **you** use your device because you might use apps in conjunction with one another in ways that someone else might not. Similarly to [Qubes](https://www.privacyguides.org/en/os/qubes-overview), the correct number of isolated users and the apps you install within them is basically subjective. There's no "best" approach.
|
||||
|
||||
This being said, there are a few common or popular setups we see within the *Privacy Guides* [community](https://discuss.privacyguides.net/) which might make sense for you, or at least could help you start thinking about the best ways to isolate your apps and data from each other. You could also certainly use any combination of these approaches. At least within the confines of the maximum number of users available on your device, the sky's the limit!
|
||||
|
||||
### Isolating Google Dependencies
|
||||
|
||||
To preserve your privacy, the most commonly recommended "minimum" setup for multiple users on Android *with GrapheneOS* is a two user setup, where only one secondary user has Google Play Services installed.
|
||||
To preserve your privacy, the most commonly recommended "minimum" setup for multiple users on Android *with GrapheneOS* is a two-user setup, where only one secondary user has Google Play Services installed.
|
||||
|
||||
In this setup, the system user only contains apps that don't require Google Play Services, like open source apps installed with [Obtainium](https://www.privacyguides.org/en/android/obtaining-apps/#obtainium) or [F-Droid](https://www.privacyguides.org/en/android/obtaining-apps/#f-droid). The secondary user would contain apps from [Aurora](https://www.privacyguides.org/en/android/obtaining-apps/#aurora-store) or Google Play that rely on Google Play Services, such as some banking apps, social media apps, etc.
|
||||
In this setup, the system user only contains apps that don't require Google Play Services, like open source apps installed with [Obtainium](https://www.privacyguides.org/en/android/obtaining-apps/#obtainium) or [F-Droid](https://www.privacyguides.org/en/android/obtaining-apps/#f-droid). The secondary user would contain apps from [Aurora Store](https://www.privacyguides.org/en/android/obtaining-apps/#aurora-store) or the Google Play Store that rely on Google Play Services, such as some banking apps, social media apps, etc.
|
||||
|
||||
This configuration is really only viable with GrapheneOS and Sandboxed Google Play (or [another](grapheneos-or-calyxos.md) custom ROM with non-system microG), because that setup doesn't require Google Play Services be integrated with the system. On your typical stock Android device Google Play Services will be installed with system-level permissions, meaning that it will be present in all user profiles on your phone.
|
||||
This configuration is really only viable with GrapheneOS and sandboxed Google Play (or [another](grapheneos-or-calyxos.md) custom ROM with non-system microG) because that setup doesn't require Google Play Services be integrated with the system. On your typical stock Android device, Google Play Services will be installed with system-level permissions, meaning that it will be present in all user profiles on your phone.
|
||||
|
||||
### Minimal Owner Profile
|
||||
|
||||
Another frequently utilized configuration is keeping the system user as bare-bones as possible and *only* using (a) secondary user(s), to increase the security of your device.
|
||||
Another frequently utilized configuration is keeping the system user as bare-bones as possible and *only* using (a) secondary user(s) to increase the security of your device.
|
||||
|
||||
This is because the system user has a number of special privileges that other users do not, such as the ability to enable ADB or other developer tools, for example. By avoiding regular usage of the system user, these settings become harder to unintentionally access.
|
||||
|
||||
An additional advantage of this approach is that it makes cleaning up and erasing portions of your device easier. Secondary users can be erased very easily, if the need to do so for any reason arises. Doing so won't affect other users on the device. On the other hand, the system user can only really be erased with a full factory reset, which would also wipe out all users on the device at once.
|
||||
An additional advantage of this approach is that it makes cleaning up and erasing portions of your device easier. Secondary users can be erased very easily if the need to do so for any reason arises. Doing so won't affect other users on the device. On the other hand, the system user can only really be erased with a full factory reset, which would also wipe out all users on the device at once.
|
||||
|
||||
### Per-Persona
|
||||
|
||||
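Review bot: The heading "### Minimal Owner Profile" says "Owner", while every sentence under it and the "Isolating Google Dependencies" paragraphs above it say "system user". Pick one term, or introduce the other once so readers know both names refer to the same account. In the changed sentence under that heading, "*only* using (a) secondary user(s)" is still hard to read after the comma removal; "only using secondary users" says the same thing.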
@ -99,19 +99,19 @@ It's perfectly reasonable to decide that the standard sandboxing is all you requ
|
||||
|
||||
Another alternative to multiple users on Android are **profiles**, which are separate workspaces contained within a single user.
|
||||
|
||||
The most well known implementation of profiles on Android are **Work Profiles**. In normal usage, a Work Profile might be set up on your phone by your employer, in order for them to install work-related apps without giving them full access to your device and personal apps. However, if you don't already have a Work Profile installed, you can also create a personally-managed one yourself by using an app like [Shelter](https://www.privacyguides.org/en/android/general-apps/#shelter) or Insular.
|
||||
The most well known implementation of profiles on Android is the **Work Profile** functionality. In normal usage, a Work Profile might be set up on your phone by your employer in order for them to install work-related apps without giving them full access to your device and personal apps. However, if you don't already have a work profile installed, you can also create a personally-managed one yourself by using an app like [Shelter](https://www.privacyguides.org/en/android/general-apps/#shelter) or Insular.
|
||||
|
||||
A big advantage of Work Profiles is that apps installed in the profile are accessible from your regular launcher, without having to log out and switch user sessions. It is also very easy to multitask between apps installed in a Work Profile and personal apps.
|
||||
A big advantage of Work Profiles is that apps installed in the profile are accessible from your regular launcher without having to log out and switch user sessions. It is also very easy to multitask between apps installed in a work profile and personal apps.
|
||||
|
||||
Work Profiles are much more isolated from your personal apps compared to the typical app sandbox, but they *do* share some underlying resources with the rest of your user profile, making them a bit of a middle-ground between standard app sandboxing and full multi-user isolation.
|
||||
Work profiles are much more isolated from your personal apps compared to the typical app sandbox, but they *do* share some underlying resources with the rest of your user profile, making them a bit of a middle-ground between standard app sandboxing and full multi-user isolation.
|
||||
|
||||
#### Private Space
|
||||
|
||||
In Android 15, a new feature called **Private Space** was introduced, which is very similar to Work Profiles in function, but does not require a separate management app like Shelter to use. Because this is a built-in feature, we always recommend using private profiles before or instead of using Work Profile functionality whenever possible.
|
||||
In Android 15, a new feature called **Private Space** was introduced, which is very similar to work profiles in function, but does not require a separate management app like Shelter to use. Because this is a built-in feature, we always recommend using private profiles before or instead of using Work Profile functionality whenever possible.
|
||||
|
||||
Again, Private Space is a middle-ground between the standard sandboxing and multiple users. One example of a shared resource between the system user and the private profile it contains is the clipboard. This is a very significant vector to leak information between your standard apps and apps installed in the private space if you do not manage it properly.
|
||||
Again, Private Space is a middle-ground between the standard sandboxing and multiple users. One example of a shared resource between the system user and the private profile within is the clipboard. This is a very significant vector to leak information between your standard apps and apps installed in the private space if you do not manage it properly.
|
||||
|
||||
Private Spaces are currently only available for the system user, not by secondary users. You also have the option to enable both a Private Space profile *and* a Work Profile, meaning you could have up to three semi-isolated workspaces contained within a single user.
|
||||
Private Space is currently only available for the system user, not by secondary users. You also have the option to enable both a private space *and* a work profile, meaning you could have up to three semi-isolated workspaces contained within a single user.
|
||||
|
||||
## Sources
|
||||
|
||||
|
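Review bot: Capitalization is still mixed after this change. The rewritten first paragraph has "**Work Profile** functionality", "a Work Profile might be set up" and "a work profile installed" side by side, and the next changed line opens with "Work Profiles" and ends with "a work profile". If the rule is to capitalize only the feature name, the generic uses ("a Work Profile might be set up", "A big advantage of Work Profiles") should be lowercased as well. The same applies to "private profiles" next to "Private Space" in the Android 15 paragraph. In the last changed line, "only available for the system user, not by secondary users" should read "not for secondary users".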
@ -93,7 +93,7 @@ Privacy-friendly apps such as [Bitwarden](https://reports.exodus-privacy.eu.org/
|
||||
|
||||
The option to enable **multiple users** can be found in :gear: **Settings** → **System** → **Users**, and are the simplest way to isolate in Android.
|
||||
|
||||
Even a single person can take advantage of using multiple user accounts. To limit the applications you run on your phone, you can impose restrictions on a specific account, such as: making calls, using SMS, or installing apps. Each account is encrypted using its own encryption key and cannot access the data of any other users. Even the device owner cannot view the data of secondary users without knowing their password. Multiple users are a more secure method of isolation than Work Profiles or Private Spaces.
|
||||
Even a single person can take advantage of using multiple user accounts. To limit the applications you run on your phone, you can impose restrictions on a specific account, such as making calls, using SMS, or installing apps. Each account is encrypted using its own encryption key and cannot access the data of any other users. Even the device owner cannot view the data of secondary users without knowing their password. Multiple users are a more secure method of isolation than work profiles or a private space.
|
||||
|
||||
[:material-star-box: How to Take Advantage of Multiple Users](/articles/2025/04/23/taking-advantage-of-android-user-profiles/){ .md-button }
|
||||
|
||||
|
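Review bot: The context line just above the change, "The option to enable **multiple users** can be found in ... **Users**, and are the simplest way to isolate in Android", has a singular subject ("The option") with "are" and leaves "isolate" without an object. It sits next to the edited paragraph, so it is worth fixing in the same pass, for example by ending the sentence after "**Users**" and starting a new one with "Multiple users are the simplest way to isolate apps and data in Android."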