Now that Android 15 has private space, I don’t really see a need for Shelter. Private space is superior and doesn’t need a third party app.
Shelter is still useful as an additional ‘private space’ - allows for even more isolation of different types of apps (e.g. you could have main apps in main profile, social apps in private space, and work apps in Shelter).
FYI - Someone was doing some testing in the GOS Matrix channel, and although I can’t recall exactly what they found, they did conclude that private space does a better job of keeping app data/app communications separate than Shelter does. Their conclusion was, in terms of ‘strength’ of isolation: Different user profiles > private space > Shelter.
5 Likes
This might be a bit to early, most people do not have android 15 yet and older android versions still get security patches.
4 Likes
I think that recommendations should be made around the latest GrapheneOS, PixelOS, and iOS versions if we want to have high standards.
definitely, but the recommendation could easily just be use private space for a profile. If you do not have this or need another profile you can use shelter.
1 Like
Its a balance thats always tricky. While I see your point and also want to keep to the highest standard.
The reality is is that you shut out the majority of people with this mindset, especially outside the USA where iphone usage is way lower.
Only providing info for folks already on those platforms does not seem to be the most productive stance.
What if we provide a guide explaining how one can use the private space if you are on a platform that supports it, and point to alternatives if you are unfortunately still on older platforms. We could always remove the recommendation for shelter once the android versions without private space are end of life.
6 Likes
Yes, we should talk about Private Space and make it clear that this is the preferred method.
1 Like
How is private space superior? Shelter can freeze apps, and I don’t think private space has this functionality.
Also shelter has file shuttle. Can you even transfer files to private space in as convenient a way?
In my opinion, removing Shelter makes sense once Android 15 and above have approximately 50% of device adoption. Historically, this likely means around the time that Android 17 is released, or roughly 2 years from now. I think this creates a reasonable end-of-life standard, though discretion can be used to remove it earlier or later.
It doesn’t make sense to continue to recommend another app to be a device administrator if the OS provides similar functionality already.
4 Likes
I’m marking this proposal as rejected for now since a lot of people are likely not using Android 15 at this moment.
Android 15 has not yet been released on the stable channel for GrapheneOS at the time I’m writing this.
We can always revisit this whenever there’s a critical mass of Android 15 users, as @sgp noted.
In the meantime, I opened a PR to add an introduction to the Shelter card which provides a reason for using a private space over Shelter if the former is available.
As always, any feedback regarding the language on the Shelter card is welcome.
Side note
The above PR is currently marked as draft since I’m currently waiting for Android 15 to reach the stable channel for GrapheneOS so that I can test the Private Space feature and write about it. However, if you have already tested Private Space and wish to contribute to the Android Overview page, feel free to open a Site Development thread or offer feedback on GitHub directly!
8 Likes
Statement from GrapheneOS saying that private space is recommended over a work profile.
3 Likes
Installing F-Droid in Private Space is a royal pain compared to Shelter. And you can’t add shortcuts on the launcher either
1 Like
There’s still some merit to a work profile:
- can be used in addition to a private space (so you have 3 spaces for your apps: main profile, private space, work profile; and then secondary users but those are less integrated)
- can add the launchers to the home screen (apparently not possible with the private space)
- apps will run in the work profile after a reboot while you first have to unlock the private space (this can be good or bad depending on your use case, but makes it useless for apps you want to autostart)
- (also apparently apps installed in the private space automatically get the network permission on GOS?)
1 Like
There is no difference when it comes to sandboxing. User profiles, work profiles, and Private Space don’t work like VMs, there is no added security in using them.
1 Like
I am fairly certain it hit the Stable Channel with release 2024101600, so at the very least people on the Stable channel of Graphene and users who are still on the stock Pixel OS will have had some time to play with it. You are correct though, a majority of Android users are not in that camp
I mean I don’t think that’s completely true. There kinda is a difference. Because some apps can communicate with each other with mutual consent. Splitting them across profiles prevents that. E.g. like apps that use google play services stuff.
Also if you’re not on GrapheneOS using different profiles lets you do a similar thing to what storage and contact scopes does.
Why not? If you install malware in a secondary user profile, your owner profile data will not be compromised/exposed, right? There is added security by isolation.
1 Like
I think your statements are not contradictory, he is just saying those aren’t more secure by design.
All the data that isn’t encrypted will be compromised.
No.
1 Like