Using GrapheneOS main user to push apps to secondary user

I’m considering the GrapheneOS user setup where you have sandboxed Google Play services on the main user and install apps from there. Then use the GrapheneOS feature to push apps to a secondary user, which is more of the “daily driver” user.

It is described in more detail here:

I’m wanting to hear from anybody who has experience with this or has more knowledge than I do. My current setup is that I use the main user as my daily driver and then have a secondary profile with sandboxed Google Play services and apps that require the Google services. However Aurora Store feels untenable to me these days, so I’m exploring my options for installing all apps through the Google Play Store.

Has anyone had any issues or foresee any issues with this setup? Are there any caveats?

Also can anyone confirm what the limitations are on utilizing app purchases in the secondary user? I’m guessing that outright paid apps will work fine on the secondary user, but I suspect that in-app-purchases and subscriptions will not work, since that user won’t have Google services to verify the purchases.

I really want to understand the full implications before I make the switch because it’s a huge task to start fresh and re-download all my apps, backup/restore app settings, reconfigure apps/permissions/settings, configure profile settings, etc.

I’m open to any other suggestions that allow me to install apps via Google Play while still keeping most of them isolated from Google Play services thereafter.

3 Likes

I was an advocate for this method over on the Techlore Forums (RIP) and have been running this process for the past year. It definitely is a change in how you end up using the phone, definitely not for everyone, but there’s a reason I’m still running it so I’ll be happy to answer any questions you have.

I did recently discover the ability to use private spaces within GrapheneOS a few months ago and that opens up a lot more options. GrapheneOS actually recommends it over work-profiles, which is a “recent” (2024) addition so Side of Burritos hasn’t accounted for it in his earlier workflow.

Earlier, I tried using Shelter and other work-space profile management apps, but once you turn on multi-users on Android/GOS, those apps don’t work. BUT Android’s built-in private spaces do. So something to keep in mind.

I am utilizing a brand new Google account for my phone, so I will not be the best tester for this.

I may be misremembering, but I did test out to see if I can get purchased apps on the “Owner” account, then without having Google Services on my “Daily” account still have it activated… for the app I tried them on, I recall it did not work (it was Symfonium music player app iirc). But your thoughts on paying to get access vs verifying subscriptions/purchases is something I did not test out… so this is only partially helpful. Hopefully someone else can chime in with a clearer answer.

2 Likes

I use GOS, but I’ve never tried user profiles as it sounds like too much work given that all the apps are already sandboxed.

However, someone very recently posted a very similar question on the GOS forum today and somebody else replied with a link to this which was an interesting read: Best User Profile Setup on GrapheneOS – Seprand

I suspect that app purchases and subscriptions won’t work between profiles due to

Apps cannot communicate with apps in other profiles via inter-process communication (IPC).

I don’t see how an app from one profile could know about its purchase status if it can’t IPC with Google play services from another profile, but I could be totally wrong.

1 Like

Can you expand on what is different about it? I have experience running multiple users, but always using the primary user for daily use. Are there any downsides to using a secondary user for daily use?

Yes I’ve been considering that as well. I think it doesn’t solve my problem of wanting to install apps with Google Play yet keep them separated from Google services, since you can’t push apps to/from the private space. But it’s a really cool feature and makes a lot of sense for two completely separate spaces.

I think you’re right but I was hoping we might be wrong somehow :smile:.

I considered the idea of installing Google services on the secondary user temporarily to verify the purchase then immediately uninstalling it, but… it sounds messy and probably wouldn’t work anyway. Really it depends how the app is built. There’s one app that I’m particularly fond of, but it requires an in-app-purchase, so I have a dream I’ll find a way to use it again one day.

So, I do this. Sort of.

Here’s my setup.

Main (admin): Three app stores, no Google Play store or services. Install apps and disable immediately. Then, push apps to users.

Daily profile: Apps I need on a daily basis. FOSS where possible, browser for untrusted sites.

Social media profile: Self described, but sandboxed due to untrustworthy apps and doomscrolling habits. Browser preferred.

Hobbies/Shopping profile: As above.

Google Play Profile: This is the only place I have play services installed. Basically so I can test apps that break or claim to require play services to function. I think I’ve only used it twice. One for McDonalds and one for a crappy Gov application.

I like compartmentalizing my phone because it is constantly begging for my attention, and switching profiles breaks up the dopamine flow of switching between apps constantly. But that’s me.

But I do like knowing my admin profile has nothing on it.

The only problem I had initially was needing to switch to the admin profile to check for updates. I like manually checking each app this way because I know exactly what app is being updated and what has changed.

Edit: The other issue I had initially was dealing with 2FA and password managers. Just start with this on each profile first, and you will need to leave one profile running to get the 2FA code if you use an authentication app.

1 Like

Doesn’t this make it a huge pain to update apps? I’m assuming you can’t update apps if they’re disabled.

Well most of my apps use the Aurora store, which you need to manually update apps with anyway.

But you don’t need to enable apps to update them. Obtainium and Accrescent update apps that are disabled too.

1 Like

It’s definitely more annoying to do some things. Like when sharing wifi QR code (which I do surprisingly often), I have to go back to Owner profile as non-Owner profiles don’t have permission.

Want to install an app? Back to Owners and do a bunch of steps (find on GitHub for Obtainium link, or failing that, Play Store/Aurora/F-droid, etc. Immediately disable on Owner, manage profiles, push the app, switch to profile, finally use the app).

Want to fully uninstall an app? Uninstall from all non-Owner profiles first, then delete from Owner. Just deleting Owner’s doesn’t recursively delete other profile’s version of said app. Maybe deleting order doesn’t matter… but essentially it’s a multi-step process.

It’s kind of a perk, as you’re deliberate with everything you do on it. But it does get annoying sometimes when I want to test out this promising app, only to find it’s not what I want, or being de-googled breaks it somehow (usually notifications…). Going through a lot more effort for disappointment hurts a bit more, you know?

So besides that… it’s 90% the same in day-to-day use.

I don’t think it’ll be the solution to your biggest problem of using a paid-app without the google-play-services on the profile… I tried briefly but gave up quickly over said issue. Maybe I should have tried at least tainting the profile by installing/activating the paid app then removing it. Most likely depends on how often the app “phones home” I’m sure.

1 Like

OH, nice. I have to try this set-up.

In the owner profile, if you go to Settings > Apps > The App you want to uninstall, if you tap on the three dots in the upper right corner, there is the option to uninstall for all users. You might have to have the profiles running in the background, at least for private space I know you have to have your private space unlocked.

1 Like

This article really summarized the main ways I can see people using GOS.

Isolated Google Apps - Owner profile with only open-source apps, while secondary profile hosts Sandboxed Google Play along with other necessary apps. This is probably the most common, and easiest to understand.

Empty Owner Profile - Basically like the previous method, but it allows for easy deletion of secondary profiles.

Owner as App Pusher - Basically SideOfBurrito’s method. Main benefit: you can more easily manage app installation across different user contexts. And if you ever do have to recreate a profile, you can easily push the apps to the new profile without having to go through installing all the apps again. Makes it really easy for those apps that I push to multiple profiles too like browsers, app stores, VPN, password manager, etc.

No Secondary User Profiles - just leverage Android’s inherent sandboxing for privacy, and maybe utilize private spaces instead of a whole different profile if you want some separation but not too much.

In case anyone else was curious, this explains why you’re able to update disabled apps on GOS with Play Store:

Sandboxed Google Play compatibility layer: coerce Play Store into updating disabled apps by hiding disabled state from it

I have two setups currently.

My daily driver (a Pixel 8) has no Google play services in the main owner profile, I get all the apps via Obtainium, GOS appstore and Accrescent.

I have my original Google account running in private space giving me access to WhatsApp, gmail, pokemon go and google photos.

This works very well but I’m a little concerned that for at least some of the apps I’m going against recommended best practice.

So I’m considering installing gps (my new gos account) for app installation/update but keeping it disabled and updating manually.

My second device is kind of my laptop (it’s a Pixel 8 Pro). The owner profile is used solely for app acquisition and update (a la sideofburritos except again I keep the gps disabled). I have a bunch of secondary users each with a specific purpose (eg running my banking apps).

The pixel 8 is my 4th and latest go at configuring GOS and I’m more surprised than I thought by how fantastic it is to be able to “just load” an app without swapping users and installing available apps. It doesn’t sound that significant but for me it is apparently.

Overall my recommendation is to try it and see what works for you and don’t be afraid to reset and start over.

1 Like

I just have way too many reliability issues when it comes to secondary profiles and receiving calls and texts to not daily drive the main profile, on GOS. I use a Pixel 7.

I have resorted to using QUIK on my tertiary profiles because the sync message feature will grab missed texts. As for calls, I just always double check if I have a missed call when I switch back to main profile.


My current setup is

  • main profile: with all the apps I need regularly. This is basically all FOSS apps, no play services required
  • work profile: this basically acts as my work phone. I am paid a stipend to use my phone as my work phone.
  • google profile: anything that requires the play services, from banking apps to taco bell.
  • music profile: this profile is pretty basic. It is just used to wireguard into my home network to play music off my personal server when travelling.

Like others here, only FOSS in the owner profile, and proprietary malware is further confined to separate user profiles, e.g. Work, Games, Travel apps. I also have a profile with Google dependencies, mostly for testing purposes and some occasional use of Google maps.

Some things I would like to be able to do:

  • If using Auto Reboot, receive Signal, SIP and WhatsApp calls after reboot while using an always-on MPR.
  • Install WhatsApp without it having visibility/enumerability of all the apps on my device.
  • Route updates for different app stores over different privacy-enhanced networks
  • App Stores with only visibility of the apps they are the installer of record for unless manually decided otherwise.

I think point 3 may be doable at least. Otherwise, I haven’t really had any problems with the setup.

That’s unfortunate to hear. Call/text reliability issues would be a major problem for me.

Can anyone else chime in on their experiences with call/text reliability on secondary profiles on GOS? Searching on the GOS forums I see some people have had these issues, but also it seems like it’s gotten better over time. I suppose I may have to test my setup myself and see what happens.

Regarding the QUIK sync feature, can that run automatically or do you need to manually sync often?

It runs automatically every time you open the app (which can be annoying) but you can also run it manually via the settings.

1 Like