GrapheneOS - User Profile and Google Services Setup

I’m going to be getting a Pixel 6 (pro) - and immediately installing GrapheneOS on it. I want to setup my user profile(s) to get the most privacy from Google!

Currently I am testing a setup on an old P3 - and I have 3 profiles:

  1. Owner: no play services/play store, etal
  • I use this for apps typically found on f-droid or APKMirror and don’t require any login and don’t require google play services2) “Dummy” google user: using sandboxed google services
  1. “DUmmy” google account and using sandboxedgoogle play services:
  • These are apps that require some type of non-personal login and google play services to run
  1. "Actual google account: using sandboxed google services
  • These are for apps that require a google signin and/or a ‘real’ name (e.g.: banking)

It sounds to me like the user profile setup is moot - that as long as I am using a sandboxed google services - then there is no more privacy with 3 user profiles versus 1 ?

IF that is the case - then do I still have 2 google accounts (1 “real”, and 1 “dummy”)

Any other thoughts on this?

NOTE: was trying to solve this on Matrix - GrapheneOS Off Topic - but I am finding Matrix to be a pretty poor experience… (perhaps why it was dumped by Techlore?)

This is incorrect. Any app can interface with sandboxed Google Play Services in the same profile, therefore the only way to ensure certain apps don’t utilize Play Services is to keep them in separate profiles. Sandboxed Google Play is a security feature which prevents Google Play from deeply rooting itself in your phone with a lot of system privileges, but it is not a privacy feature, in the sense that it does not provide a significant privacy advantage over standard Google Play.

Right now I’m assuming that by “profiles” you mean entirely separate user accounts that you switch between on the lock screen, like:

  1. User Account 1: No Play Services, F-Droid Apps
  2. User Account 2: Play Services, Non-Personal Apps
  3. User Account 3: Play Services, Personal Apps

You could look into using an app like Shelter which creates a Work Profile, allowing you to merge your first and second (or second and third) profiles you currently have into a single user, which is slightly more convenient, like:

  • User Account 1:
    • Personal Profile: No Play Services, F-Droid Apps
    • Work Profile: Play Services, Non-Personal Apps
  • User Account 2: Play Services, Personal Apps
Alternative Setups

Since I don’t really care if the apps I have that require Google Play have access to my personal Google account, my personal setup is a single user account:

  • User Account 1:
    • Personal Profile: No Play Services, F-Droid Apps
    • Work Profile: Play Services Apps

This is slightly less private in some sense, but it is a lot more convenient because it does not require user switching. I can get notifications from both profiles at once on the same lock screen, which is very useful.

Or, a maybe overkill setup could use Shelter in both users and could look like:

  • User Account 1: (Exclusively Non-Personal Apps)
    • Personal Profile: No Play Services, Non-Personal F-Droid/APKMirror Apps
    • Work Profile: Play Services, Non-Personal Apps
  • User Account 2: (Exclusively Personal Apps)
    • Personal Profile: No Play Services, Personal F-Droid/APKMirror Apps
    • Work Profile: Play Services, Personal Apps
2 Likes

This is very helpful - thanks!

…so using shelter in each or some user account provides a more convenient method to switch to a work profile rather than changing accounts?

In your setup you have 2 users and each uses shelter and a work profile?

I could have my owner user for non google services and then an addl user with google services and use shelter with a work profile rather than have 2 addl users?

Sorry for the poor questions just trying to understand the use cases

Using shelter creates a work profile inside your current user/profile. With this method you wouldn’t need to change your user on the lock screen to have access to your e.g owner profile with no Play Services, Non-Personal Apps and your work profile with e.g Play Services with Non-Personal Apps. In your case you could have an owner user with no Play Services, Non-Personal Apps and a work profile (which is integrated inside your owner user) with Play Services, Non-Personal Apps. For the profile with Play Services and Personal Apps you would create an another user.

I ‘think’ I’m starting to understand how Shelter works better? Here is what my understanding is - would appreciate some feedback if I’m on the correct path.

  • I can basically consider the ‘work’ profile created by shelter as the same thing as a separate user profile - it is just much easier to swap back and forth…
    • so where I currently have 3 user profiles (Owner with no ‘play stuff’, user1 w/play-stuff but no google signins (e.g.: maps, voice), user2 w/play stuff but used for logging in to google apps). Also owner has apps w/o signing into things, user2 has apps w/signin (e.g.: financial/bank apps), user 3 has full google signing for google based apps.

With Shelter I can have: owner (as is currently) - and then user 1 with a work profile whereas I setup work to be my google signin - otherwise - just like my current user 3 ?

My main question though - is can I install the grapheneos sandboxed google services ONLY in the work profile? Or - do I HAVE to install the sandboxed services in both the main and work profiles?

You can only install Sandboxed Play Services in the work profile.

Thanks - very helpful.

So - I have my owner profile and I installed shelter and setup a work profile…

I have all my ‘sign-on’ apps in the work profile other than Proton… which is on my owner.

I still have a separate user profile for my google apps (just maps and voice for now)… though based on what I’ve been reading there is no reason not to include them in my work profile.

Getting there…