1mo ago

For GrapheneOS users, what is your profile setup like?

Just installed GOS on my phone, really like it. I want to know how GOS users setup their profiles to learn from them. So far, i found out the followings:

everything in Owner
leave Owner blank. Put everything in another profile names User.
leave Owner blank. Put all Google stuff in user Google. Put all FOSS app in FOSS user. Put all bank stuff under Sensitive user.
use Owner as an app repo. So install Google Play, Acrescent, Fdroid. Install apps from there, but dont use them. Instead, when create new user, push those apps from Owner. This is similar to Side of Burritos on Youtube.

anything different?

43 comments

Everything in owner because I don't understand the implications well enough to do otherwise (so thanks for the thread).
- Same. I need to step my game up! Profiles don't look that hard, just something to learn 🙂

I have 7 profiles
owner - network setup and app management (mullvad vpn)
Daily - no google services and 95% of my daily usage app (always on VPN to my home)
GPS - navigation and other apps that need location services (mullvad vpn)
PS-USA - playstore account and google services with USA identity (fake of course), (US residential VPN for sports streaming)
PS-CH - playstore account switzerland and google play services, my banking stuff lives here (residential vpn CH)
PS-DE - playstore account germany and google play services (mullvad vpn) - used for apps not available in US and CH when traveling through Germany
NOVPN - this account only has vanadium and connectbot (ssh) for network diagnostics in case I have issues with a wifi or something. My only account without always on VPN
- hmm i really like the idea of navigation apps with location service in 1 profile. So you just dont listen/stream music while driving? Because thats another app right?
  Also thats a lot of vpns lol.
  
  I usually listen to radio while driving, I am kinda old school there.
  Also, I think having some commercial service like Spotify or TuneIn track my taste in music, radio stations or podcasts is an invasion of my privacy. I actually selfhost an internet radio service if you wanna call it that by running a DVB-C tuner on my homeserver that grabs my favorite channels from my cable provider and streams them to my phone on demand if I wanna listen to radio on the go.

Got 7 profiles actually.
is the owner of course.
Then I have my main profile.
A untrusted profile. Shady apps cracked apps etc. This profile also is not allowed to run in the background.
Then my finance profile. Has my banking apps and such.
A testing profile. Used to test backups of grapheneos and such.
A work profile. Dont need that to run in the background either. But is useful to stay in touch over the weekends.
And a private profile.
This way I can still use all my apps. While not requiring google play in all my profiles. Also being able to disable certain things for profiles is super useful. Running in the background, allowed to make/receive calls to name a few

I have everything in Owner profile (including Sandboxed Google Play)

Everything in Owner and a secondary phone for all proprietary work and communication apps. The secondary phone is powered off or at least disconnected once I leave work. Google stuff and banking through a computer browser whenever possible.
If I were forced to use only one phone, the secondary phone's contents would be on a secondary profile. This used to be my setup but switching between profiles throughout the day wasn't my thing.

This thread is illuminating and makes my GOS use feel very pedestrian. I just use a single profile, I keep everything off my default and only enable what I need when I need it (GPS for instance which is rare) and then disable again, and I have no accounts logged in to anything on my phone.

One profile. No Google sandbox stuff. All open source programs.
On my work Pixel tablet I have a home profile as owner with Aurora store just to be able to load it on the other profile. Then a secondary "work" profile with all the bloat

You might also consider the new private space feature depending on your needs: https://www.youtube.com/watch?v=G94V5I2xH1E
- Eagerly awaiting multiple private spaces so I can move everything to owner profile.

Currently everything in owner, with banking apps in my private space.
I was tempted by the idea of owner as an app repo but the private space is only available in the owner profile.
Someone else in this thread mentioned they were using another device for their app repo and sideloading from there. That's an intriguing idea for keeping even sandboxed Google off my owner profile. An idea for the future maybe.
- do you use a different Google account to download the bank app? or no Google at all in private space, and instead push an app downloaded from main?
  
  A different google account in the private space.
- In standard Android yes, but on GrapheneOS has 1 (one) private space per profile.

Owner profile for main use, shelter w play services for apps that need them.
I also keep a Duress pin enabled which i have written down inside the phones case, so if Anyone "finds" my phone and tries to unlock it they will just end up wiping it.
- The downside of letting someone wipe your phone is they can then sell the phone. It's a lot harder to pawn a "found" phone if it is locked.
  
  You can always wipe it without the duress pin

One profile on a 6a. If I had a Google account, I would likely have a second profile.
Most apps come from Github through Obtainium, I also use F-Droid, and a few get updated from Aurora Store.
I noticed a month ago that some apps aren't being updated in Accrescent - Fdroid had a more up-to-date version for a few apps. I heard they have a funding issue which is probably why. Just something to be aware of.
The apps I have on board, that aren't privacy respecting, either have their network access blocked or are disabled until I need them. These are Amazon Shopping, Roamless (data esim), and Sound Connect (Sony BT headphones).
No Google account but I do run Sandboxed Google Play for the notifications. Only two apps use the notifications through SGP - Signal and Protonmail but of which have taken steps to conceal the contents of the message from Google.
I have a Duress pin set. If being brute forced, the pin I set will likely be entered before my real pin and wipe the phone.
I mostly use a fingerprint for unlock so no one can see my pin while in public spaces. I also avoid unlocking if anyone is too close to me.
Phone stays in airplane mode most of the time to avoid cell tower triangulation. Using a voip phone service makes it possible to make and receive phone calls without cell towers being involved. My voip provider is very kyc but I do plan on switching to JMPChat soon.
Reboot is set for 8 hours.
If I disable the microphone I can never enable it quick enough to answer an incoming call so don't turn it off system-wide but do deny for apps that don't need it.
Disabling the camera permission system-wide has forced me to wait a very long time, after enabling the permission, before I can take a photo. I leave this permission on and just deny for apps that don't need it.
I typically connect to public and home wifi so I leave this on.
My headphones are bluetooth (I can't stand using a cable) so BT stays on.
Global PS is an incoming signal so I leave this on. GOS is transmitting a ton of data to Google so I don't see the risk. Doesn't seem to drain much power. Only really needed for my map app.

I saw that side of Burritos video it was overkill for me I have 3 profiles 1.owner: most of the apps I use are here (but no sandboxed Google play) these apps are 95% FOSS some are not but I needed them to be easily accessible 2. Financial profile: all banking and other financial stuff are here this profile also has sandboxed Google play so all of these apps are installed through Google play and updated easily 3. Dumb big tech profile: the stupid and time consuming proprietary social media and messaging and meta apps that I might need every once in a while are here this profile also has sandboxed Google play. That's it hope it was helpful.

Owner has everything as open source/de-googled as possible. User 2 has YouTube/twitch for my video game communities. User 3 is work mode with pretty much Outlook for work. (And apps that work wants)
Users 2 and 3 have play services enabled just to reduse headaches in the future

I do...
Owner - these are the apps I daily drive.
Work - all work stuff lives here.
Google - apps that require the playstore.
I thought about using my owner profile as a hub for app stores and then a 2nd profile as my main profile but I found the 2nd profiles a bit unreliable in terms of receiving calls and texts.

All you people with multiple profiles better have insane backup strategies and love doing it often and it's a removed. You have to backup each profile and restore individually once booted back up starting with owner then one after another. It's a nightmare.
You also cannot use a single drive to backup each profile as the backup reading process that distinguishes each profile does not understand.
Meaning the same drive cannot even be partitioned to have a save of each profile. It requires different drives entirely. The absolute simplest process for backups are having a flash drive for each profile. Graphene os is very cumbersome to backup and DOES NOT backup all data. Once you restore from a backup you'll understand all the pains I say, including the data you have to restore separately. A good backup is only good if you know you can restore and it works.
Hope this helps people refine their profile strategies. Most people avoid owner usage. I think there are pros and cons to that strategy. Like no pop up messages, notification delays, many other lacking options outside of owner profile like certain settings are unavailable to tweak. Including dev mode.
I've used graphene for years, across multiple pixel generations. It's not the white knight made out to be. Their project is very silo'd in security and lacks the true polish of a complete OS. I still use it and think it has great merit just note the drawbacks are many. There's so much more to add. It is late in my timezone. Hope this helps someone.
I think after testing multiple strategies that the best is to main owner, business and Google stuff 2nd, sketchy apps and things you don't care if they get lost to delete the phone back to factory. Backup 1 and 2 only. 3 or more are throwaways. You have far more threats to lose your data from theft or social engineering by friends or family etc. than you do someone hacking multiple encrypted browsers with sandboxes of apps and then across encrypted profiles. Most of those scenarios are too complex but your imagination makes them appear big and real because of movies or TV.
Reality is the true threats are often much easier and simple. Bad actors tend to be least effort to get their goal. Nor are most Jason Bourne.

I installed Shelter into the owner profile to enable the work profile. All the googly stuff gets installed in that work profile. I only unpause the work profile when I need a specific app and pause it again when I am done. Open source and apps that do not require play services are allowed to run directly in my owner profile.

Thank you. I can't inform a response, but your question is very helpful for me with limited / low level ideas and poised to jump to GOS.

I have a work profile for my work stuff. All my personal stuff is on Owner.

I have all of my open source apps in my main profile, a Shelter profile for proprietary apps (which I hardly use nowadays), a user profile for apps needed for my university, and another user profile for apps needed for a certain gig I've been involved with

Default.

owner
-pleasure
banc
work
guest
-privacy

Just the one profile that comes with the install. I need a way to get Ticketmaster tickets in to a wallet tho, so I may need to set up another profile with Play Services and Google wallet, just for tickets. Either that or reset my old Samsung phone and download the tickets on to it, bring it with me to the concert. I have one year to figure it out, the concert is Dec 2026.
- You can just view the ticket in the browser on Ticketmaster's website. Have been to 2 concerts in the last couple of months and this worked for me without issue.
  
  Yeah, but I don't have a data plan. I know thats weird these days, but Im lucky not to need one. The easiest thing would be to transfer the tickets to my spouse, but I have to be able to do it with the tech I use now. I've just started looking into it.
  My spouse has bought any tickets for us the last few years, so I'm pretty green about it. I haven't been concerned until now, but I was home the day these tickets went on sale so I made the purchase.
- There are a couple of apps that work just for ticket files (.pkpass). I'm currently using FOSS wallet. Catima works too but I didn't love the layout.
  
  I was reading on a graphene forum about problems with Ticketmaster in particular, I just started looking into it so its a little vague. My spouse has bought tickets for the last few years so I've never used a wallet. What I read says Ticketmaster won't release the pass file through any means but using google services, so Catima wasn't an option, google wallet only. Maybe that was something more specialized, like sports event tickets were talked about. I have to read more.
  One option mentioned was to carry a second device, which I have. Its not a good option but it works. Its an S8 so its fairly light.
  I don't have a data plan, so no website access except WiFi.

Some mangled gargoyle looking shit that I cobbled together some time ago.

I have the main owner profile for my main Foss apps then the work profile for apps that need the play store. I normally leave my work profile paused and unpause it when I need to use an app. None of the apps in the work profile require notifcations so its fine.

43 comments