Sharing files between GrapheneOS profiles

Creating new user profiles in GrapheneOS is a great way to preserve privacy across different areas of your life e.g. shopping, banking, social media, …

Are there any tools to sync or share files and photos across profiles?

Currently the only way I know how to do this is via USB transfer which is pretty inconvenient if I don’t have my PC with me.

I am honestly not sure what is the advantage of multiple user profiles in your case?

I guess the most important benefits to me are:

  • Not having to download sandboxed Google Play Services for banking in my main profile where I would like to keep only privacy respecting apps.
  • Not needing sometimes necessary apps like WhatsApp in my main profile
  • Not allowing apps that shouldn’t be talking to each other from sharing any information via intents (like social media and Bank etc…)

If you know of any solution to this, I would greatly appreciate it if you could share. Or to describe a setup that works well for you.

Just so you know the last item is not possible anyway. The others somewhat make sense but I think you make your life a lot harder for little gain. I think the entire point of profiles is that what you want is not possible.

You can sync files obviously with the recommended tools on the website. But it will all be duplicated.

These are some of the reasons we like Android Work Profiles instead of user profiles. Installing Sandboxed Play Services in a Work Profile w/ those apps provides a lot more flexibility than the user profiles system.

Sorry for reviving an old thread, but maybe it’ll be useful to people who stumbled into here looking for a solution like myself.

I was wondering about the same, and while it’s possible to move files without your PC by using a USB-C format stick it’s still really inconvenient and takes too long. The suggested sync tools also just seem cumbersome to deal with. The most convenient solution was probably using a messenger or cloud sync used in both profiles - but then you need Internet and involve a 3rd party…

I ended up putting together my own app to share files in a simple manner, like selecting them from the gallery, sharing them to the app, switching to the other profile and being offered to add those images to downloads or re-share them via another app in this second profile.

The way it works is so simple, I was surprised that it hadn’t been done yet: When you select a file, or share it to the App it opens a TCP port where that file can be fetched from. After switching to another profile, the App will check whether the TCP port is available, and if yes it offers downloading shared files from the other profile.

It only ever shares files that you actually selected, nothing more. It only shares them while the sharing-notification is explicitly shown, pressing “Stop Sharing” or swiping it away immediately stops the process and closes the port. When encryption is enabled, only this same app has access to shared files from other profiles. Malicious apps are prevented access.

I published it as ad-free and open source on GitHub and F-Droid. Installing via F-Droid is probably best as they build it fresh from the source, so you really get what you think you get.

Hope that helps someone!

(this post was suddenly flagged and hidden by the community, but I don’t understand the reason - especially after it already received plenty of likes and started, what I’d argue is a really nice discussion about alternative solutions - yes, I did revive an old thread, yes, I am promoting my own app - but I think it’s still reasonable as it’s completely on topic and offers a solution to the OP’s question)

9 Likes
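The mechanism described in the post above, sketched as an added example (not the app's own code, which the post does not show): a listener bound to loopback that releases the selected file only to a client that proves knowledge of a key. The HMAC challenge-response stands in for the app's encryption option, whose design the post does not describe; the pre-shared key and all function names are assumptions.

```python
import hashlib, hmac, os, socket, threading

def recv_exact(sock, n):
    """Read exactly n bytes, or return None if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf

def serve_once(payload, key, ready, port_box):
    """Offer payload to one client that proves knowledge of key (assumed pre-shared)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))   # loopback only, never 0.0.0.0
        srv.listen(1)
        srv.settimeout(5)            # stop listening if nobody fetches
        port_box.append(srv.getsockname()[1])
        ready.set()
        conn, _ = srv.accept()
        with conn:
            nonce = os.urandom(16)   # fresh challenge per connection
            conn.sendall(nonce)
            proof = recv_exact(conn, 32)
            want = hmac.new(key, nonce, hashlib.sha256).digest()
            if proof is not None and hmac.compare_digest(proof, want):
                conn.sendall(len(payload).to_bytes(4, "big") + payload)
            # Wrong or missing proof: close without sending anything.

def fetch(port, key):
    """Client side: answer the challenge, return the file bytes or None."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        nonce = recv_exact(c, 16)
        if nonce is None:
            return None
        c.sendall(hmac.new(key, nonce, hashlib.sha256).digest())
        header = recv_exact(c, 4)
        if header is None:
            return None
        return recv_exact(c, int.from_bytes(header, "big"))

def share_and_fetch(payload, server_key, client_key):
    """Run one share/fetch round trip on this machine."""
    ready, port_box = threading.Event(), []
    t = threading.Thread(target=serve_once,
                         args=(payload, server_key, ready, port_box))
    t.start()
    ready.wait()
    result = fetch(port_box[0], client_key)
    t.join()
    return result
```

Binding to 127.0.0.1 keeps the port unreachable from other devices, but any local process allowed to open sockets can still connect, so the proof check is what keeps other apps on the phone from reading the file.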

This is quite incredible. But I’m wondering, did you find a vulnerability in user profile isolation? I mean if sharing user data between 2 profiles is as easy as this, what’s to keep a common app used in different profiles from doing the same type of sharing across profiles? For example, let’s say I use the same keyboard app in two different profiles… how hard would it be for the app to share keystrokes between profiles using this method?

I doubt this is considered a vulnerability as it’s basically using networking same as a local FTP server/client setup or the Syncthing app does. This app is just way more specialized for the use case it’s trying to solve.

In GrapheneOS (I believe) you can actually prevent this by not giving the Application the Network permission during installation of the App. Then it shouldn’t be able to make any connections, not even to localhost.

Maybe in the future there’ll be network based isolation, maybe by assigning each profile a “virtual network interface” or similar to how Linux containers work. This would allow for more fine-grained control over such local network communications, a bit like the scoped storage feature.

But yes, malicious Apps could use this to communicate cross-profile as well, if they’re installed in both profiles.

It’s less “communication between profiles” and more “apps are connected to the same server”. It’s just that in this case the server is not far away on the internet and closer to you.

@patrickd how does this differ from KDE Connect outside of a more focused codebase, since you can also use KDE Connect to shift files and clipboard around? Does it also work if the profiles are not on the same wifi network, or if they use VPN with killswitch/without killswitch? Thanks for sharing this here!

2 Likes

This App doesn’t need any network connection at all and works in Airplane mode. The communication between sharing server and client happens all on the local loopback interface and there’s no way to connect to the server from outside of the phone.

As far as I am aware only the Owner profile (ie. the main profile) can manage WiFi connections and other profiles inherit what the Owner has connected to - so I don’t believe different profiles can be connected to different WiFis. But as mentioned, it wouldn’t matter, even with VPNs, since this is all on loopback and doesn’t involve any actual connected network.

I’ve only heard about KDE Connect for exchanging data between desktops and phones - but actually phones with it installed can also exchange data between each other - that’s a really interesting idea that I haven’t seen anywhere else so far!

Giving it a try…

And it works! By default, it only works while you have an active network connection. But when going to “Pair new device” you can “Add devices by IP” with 127.0.0.1 and then it’ll work even in airplane mode. Unfortunately, it unpairs the profiles every time you leave airplane mode and connect to a WiFi network again. Depending on the amount of profiles you want to connect this can be really bothersome as pairing requires switching back and forth between profiles.

A comparison after a quick test of both:

Inter Profile Sharing:

  • Is completely local, does not allow external connections (purposefully so)
  • Makes shared information available to all user profiles but does not immediately download the file into the profile. Instead, you switch into the user profile where you want it and explicitly transfer what you want.
  • Server foreground service is only active while data is actively being shared between profiles - this saves battery.

KDE Connect

  • Is intended to make use of an active network connection and is a bit more cumbersome for the local user profile sharing use case as it requires manual intervention to work without an active network connection and can be annoying to re-pair profiles
  • By default it will trust all WiFi networks and make itself available to pairing on them. This is arguably a bit less secure.
  • When sharing information with another profile, you select the name of the paired device (ie. the profile) you want to share it with and it will push the data into that profile (ie. it will be immediately downloaded)
  • The connection foreground service is always active, ie. the App is always accepting connections to it even if nothing is being shared - will consume more battery power

KDE Connect is not intended to be used this way and that makes it a little less convenient at times, but if you’re already using KDE Connect with your desktop anyway - this is the way to go!

Great idea, thank you for pointing it out!

I flagged it. It’s a super cool app it just belongs in project showcase. 🙂

1 Like