No, you could use both if you have a use case for it. Like using nothing on the owner profile, using Tor in Private Space, and using a VPN in the work profile.
The work profile is just that a work profile and the way it is implemented intentionally grants the app which configures it a lot of control for BYOD use cases. Work profiles definitely aren’t going anywhere but otherwise you are correct that the private space is a better choice if you only need the one nested profile.
I believe this is one of the reasons why private space are recommended over work profile from a privacy perspective. And at the same time, I am confused by this part of the risk assessment.
At least as I understand it, work profile and private space differ in terms of whether or not the intent is redirected (perhaps that is the only difference?). It seems to me that there are very limited privacy concerns that could arise with the availability of Intents, am I missing some point?
Unless your use case requires using 2 profiles inside your Owner profile, then yeah there would no longer be a need for a Work profile.
The main downside of a Work profile is the fact that it requires a third-party application to setup and you need to trust that application with your Work profile data. The third-party application is also what determines the level of isolation between the Work profile and the Owner profile. For example, Shelter allows some intents to cross between the Work profile and the Owner profile. On the other hand, the Private Space blocks all intents except for the telephony intent.
Apps in the Work profile are also able to identify what apps you have installed in the Owner profile which could be a concern for you. Not sure if this is a general limitation of a Work profile or if it is dependent on the third-party app you choose to use.
You can also choose to have different encryption keys for the Private Space by setting credentials for it rather than using the existing device credentials. Not sure if a Work profile has different encryption keys or not.
From what I read in the Android documentation, I didn’t read that Work Profile can read apps with Owner profiles; is there such an API for third-party apps that manage Work Profile? Or is it only possible to know indirectly through some trick (by intent you mentioned)?
The profile admin can choose which intents are allowed to cross from one profile to another. Since the IT admin makes this decision, there’s no way for you to know in advance which intents are allowed to cross this boundary. The IT admin sets this policy, and is free to change it at any time.
In this scenario, the “IT admin” is the Shelter app.
You can’t even set shortcuts on home screen with Private Space. Or easily clone an app from main profile to private space. So definitely the answer to your question is yes
I overall prefer work profiles. In terms of isolation/privacy (Work Profile with Shelter vs Private Space) it’s pretty much identical, the main argument against the work profile seems to be that you don’t need to trust the Shelter app.
Private Space: differences compared to work profile
no possibility to create ‘desktop shortcuts’ of apps
app notifications don’t show their content, you just see that you got some notification but you need to open the app to see it
need to enter PIN/fingerprint every single time you open a Private Space app after the screen was locked
less integration with the main profile (e.g. Shelter allows you to clone apps between main and work profile or copy files between the two)
no auto-start after reboot (e.g. if you expect notifications from an app, make sure to unlock the Private Space after a reboot)
biometrics need to be set up separately (at least for me; others said the fingerprint from the main profile was usable in the Private Space; not sure what is the desired behaviour and what is a bug)
can protect apps with a separate PIN/fingerprint if desired (e.g. if you think someone might snatch your unlocked phone out of your hand)
For me personally, all of these points, except maybe the last one, are downsides that just add additional friction when using the apps. I think the Private Space is really meant to be for “secret” apps and files, like a second copy of the gallery app for your homemade sex videos or something, rather than for compartmentalisation.