Android 15 will get a “private space” which is a way to separate some apps into a separate space. Apps installed in the private space cannot talk to apps that are in the main profile and they also cannot access files, contacts, calendars, SMS and so on from the main profile. The private space also uses a separate VPN connection. Apparently it will be possible to share files between the private space and main profile, but only through the built-in file manager or the ‘Share’ functionality. Notifications and app icons will be integrated with the main profile, so there’s little downside in usability.
To me, this sounds exactly like the work profile functionality that already exists. The only difference I could spot is that you can lock the private space with a PIN or biometrics.
Is there any tangible benefit compared to the existing work profile function?
Private Space and Work Profile can be both used at the same time. Does anyone have an idea in what scenario this could be useful, i.e. which apps to install where? (Obviously, if you need your work profile for actual work apps then the private space can be useful to separate some of your private apps from the main profile.)
I’m currently using GrapheneOS with all apps that need Play Services for notifications in a work profile and the majority of my apps living in the Google-free main profile. Can’t think of any benefit of this new Private Space feature.
Work profiles are meant for work, and user profiles are meant to be used in case a few people are using the same device.
Meanwhile, Private Space will be a proper way to achieve what most people in the privacy community are trying to achieve by using work or user profiles.
I’m wondering how the encryption works for the private space. If the main profile account is compromised, does the private space have to be manually decrypted or would it be compromised too?
after some testing , i like that private space doesn’t rely on a third party app (even if foss) , but i don’t like that i can’t have shortcut for apps in private space for easy app launching which is possible with work profile
I’m doubtful it will even get on their radar. There are a few things that they’ve said they’re working on for over a year. Like their seedvault replacement.
Overall I’m rather disappointed with the Private Space feature. I tested it on GrapheneOS. The Work Profile works in a similar way but is less annoying.
Work profile with Shelter
Private Space
Create shortcuts to app on ‘desktop’?
Yes
No
Clone apps from (or to) main profile
Yes (via Shelter)
No, need to download APK (or install an app store in from APK in Private Space)
Appears as ‘external’ storage location in file manager?
Yes (via Shelter’s file shuttle)
No
Can send files between profiles using the Share menu?
Yes
Yes
Auto-start apps after phone reboot?
Yes
No, need to unlock Private Space first
Can access apps without PIN/fingerprint?
Yes
Only if ENabling “use device screen lock” in Private Space settings[1]
Can use device biometrics for e.g. banking apps login?
Yes
Only if DISabling “use device screen lock” in Private Space settings and then setting up a fingerprint again for the Private Space
Can backup app data with Seedvault?
No
No
Notifications from apps
Yes
Yes but locked (not content preview)
Can disable preinstalled system apps in profile?
All except Files
All except Files and Camera (why?)
[1]otherwise it will regularly ask for PIN/fingerprint when launching an app in the private space and even every time after turning the display off with a Private Space app in the foreground
The most unnecessary thing is that if you enable “use device screen lock” it somehow doesn’t “forward” the registered biometrics to the Private Space. So if you for example install your banking apps to the Private Space, you can’t use the fingerprint to log in to those apps or approve payments, but instead you have to use the app-specific PINs and passwords (which are hard to remember if you use more than one bank).
(This can be circumvented by disabling “use device screen lock” - meaning you can set up a “separate” PIN and fingerprint for use in the Private Space. But this just makes the whole experience more annoying: Although you can set up exactly the same PIN and fingerprint as for the main profile, it will mean that every time you want to launch an app in the Private Space or even resume after turning off the display it will ask you for your fingerprint. So if you are using a banking app you have to use your fingerprint twice (to start the app in the private space, and then to log in). I guess for banking apps it’s not too bad, maybe even good if you want to register a different finger perhaps. But if you have something non-sensitive like Shazam installed in the Private Space you still need to enter your fingerprint or PIN every single time you want to start it. Oh, and you know how the phone insists on the PIN instead of fingerprint for unlocking the screen once a day or so? It’s the same with the Private Space!)
The biometrics seems to work for most of my apps in the Private Space and I have the “use device screen lock” on. For some apps the biometrics are not activating but I suspect that it is some type of glitch or app permission that the private space doesn’t give to it. I believe this will be addressed.
Interesting. I tried it with multiple apps (all UK banking/finance apps) and none of them was able to find the biometrics with “use device screen lock” enabled. Which app worked for you? And do you know if there is a bug report anywhere?
Thanks for the extensive report. A lot of them do seem to be actually because work profiles are worse at filtering intent and allow leaks, while Private space seems more robust. I’m some users prefer ease, others may prefer identity separation and security.
This is better behavior from Private space. External storage means privileged apps can examine data in work profile. Private space handles it better.
Another working as intended feature ig. Ideally private space is another user profile, and thus logically shouldn’t start automatically. Separate encryption keys is the point.
EU and SE Asian banking apps seem to work, could be an app issue.
Disabling camera would make file picker implementation and apps that want to use the camera intent angry, or at least that was my diagnosis with the debug build. This was before android 15, so take my words with a lot of salt.
I remember seeing GOS team talking about making this and clipboard separation possible in a future release soon.
Some examples of apps that are working: Betterment, Bitwarden, BofA, C6 Bank, Empower, Schwab and Wealthfront
Some examples of apps that are not working: Chase, Citi and Itau
The three that are not working are the only ones that I need to activate the “Exploit protection compatibility mode” which makes me think that is related to it.
Edit: Actually, I just tested activativating the biometrics in Chase again and it just worked now so I’m down to two apps and now I think is not related to “Exploit protection compatibility mode”
Not sure if can be considered something else but after enabling “use device screen lock” and installing apps in the Private Space I was prompt to register new fingerprints for the Private Space when I opened the first app that uses biometrics.
good pickup. Now we need someone to do same with gos. I don’t know if they will give a shit 