WingNews logo WingNews
top | item 44966165

(no title)

maples37 | 6 months ago

GrapheneOS not only provides a sandbox for Google Play (meaning it's just another app with no special privileges, and you can grant/revoke permissions (including network!) as you desire), it also heavily promotes user profiles for further isolation.

I have a "banking" profile set up with Google Play services installed. 98% of the time I'm using my phone, I'm using the primary Owner profile. All the other profiles are encrypted-at-rest, meaning that until I enter my Banking-profile-specific PIN, the apps and data (including the Google Play Services installed there) are just encrypted files, and unable to do anything at all. (There are provisions for allowing a secondary profile to run in the background, but in this case I have obviously left that disabled.)

discuss

order

parlortricks|6 months ago

That sounds great, how much friction does this setup cause you daily? Could you hand your phone to a firend or family easily if they needed it?

pferde|6 months ago

Each profile in GrapheneOS is encrypted separately, and switching profiles require entering a PIN (plus additional biometric methods if you set them up for that profile) before the data is decrypted and accessible.

So yes, you can hand the phone over to a friend or family, and they cannot get to any other user profile. Or you can set up a separate profile just for them, and they will have their own isolated set of apps - something like a separate user account on a desktop PC. And if only they know the PIN for their profile and you don't, they can keep secrets from you on that profile.

littlecranky67|6 months ago

Sounds like an awful lot of work vs. just having an iPhone and regularly install your banking app on it, and still not get spied on.

dns_snek|6 months ago

This myth that you're not being tracked in very similar ways if you use an iPhone is nothing but genius marketing and PR. Do some research about the type and quantity of telemetry that's sent back to the mothership from your iOS device, it's not materially different from regular Android.

> Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this. When a SIM is inserted both iOS and Google Android send details to Apple/Google. iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location. Currently there are few, if any, realistic options for preventing this data sharing

https://www.scss.tcd.ie/doug.leith/apple_google.pdf

prmoustache|6 months ago

what makes you think you are not getting spied on? Most banking apps are just glorified websites anyway with all the usual analytics tool embedded that you cannot disable with a browser extension.