How to use Work Profile to increase your privacy - General Topics

The Work Profile on my phone isn't something related to my work. I will always use a separate phone for my Work. Yet, I install Work Profile on all my phones. On top of that, I also use the Multiple Users feature (if available), although I'm the only one using my phones.
The one word answer for why I do it is Privacy.​
MULTIPLE USERS​
Multiple Users feature of Android allows users to create an isolated environment with its own set of apps, accounts and user files.
An app can be installed only once in a device. If you try to install an app, that is already installed in one profile, in another profile, all that happens is creation of a separate Data folder for that app in the new profile. So while it may appear that the app has been installed again, that's not what is actually happening. This is why an app can be updated from any user profile. This is also why you can't install different versions of the same app in different profiles.
The Work Profile is a special type of Multiple Users feature of Android, with some specific advantages:
1. Apps in the Work Profile run concurrently with apps in the Main Profile (Primary User). In case of Multiple Users, apps are frozen once you login to another user.
2. Since apps in Work Profile are always running along with apps in your Main Profile, you get notifications from Work apps along with those on your Main Profile.
3. You can launch apps in Work Profile without having to leave the Main Profile. This is not the case with apps in other Multiple Users.
HOW TO USE WORK PROFILE (OR OTHER MULTIPLE USERS) FOR PRIVACY ​
There are a few apps that we use which need access to both internet as well as internal storage. Examples would be downloaders, social media apps, etc.
This is one area of Android that is very privacy invasive. You either give full access to your internal storage or you can't download/ upload files. Hopefully, this is being addressed with Android 14.
It is because of this limitation of Android, that Work Profile can be used to isolate personal files from certain apps, without limiting their functionality.
No app in Work Profile shares data or is connected to apps in the Main Profile. They also do not have access to Contacts, SMS, etc. in the Main Profile. This includes Google Play Services too.
I install Downloaders, social media apps, etc. in the Work Profile and give them all the necessary permissions. While these apps have access to the internal storage, they still cannot access files in my Main Profile like my camera roll, or other files that may contain sensitive data.
This is how you can use Work Profile to increase your own privacy.

Note that Work Profile or Multiple Users do not increase your battery drain or cause lags. On the contrary, they may help conserve some battery and reduce lags because apps in Multiple Users do not run until you login to that User, and Work Profile can be turned OFF when you don't want those apps running.

You can enable Work Profile on most Android phones using this app:
Shelter | F-Droid - Free and Open Source Android App Repository
Isolate and run multiple instances of apps using Work Profiles
f-droid.org
Many OEMs hide this feature in their implementation of Android. This app only enables it and makes it accessible to you.

Related

[APP] SwitchMe Beta - multiple users WITH OWN DATA on a single device

SwitchMe - An Android first
Welcome to SwitchMe, an application for root users that allows you to log in and out of your device just as you would on a personal computer.
The technology behind SwitchMe saves all of your applications and data, protects it and stores it as a file in memory. You can then log out of
an account and log into a fresh installation of Android or another account with its own unique content.
You may create as many profiles as the memory is capable of holding. Some of these may require very little free memory because they contain
few apps, others will be larger as they contain many applications and lots of cache and data.
Why is this functionality useful?
Privacy - the most obvious benefit is that you can securely share one device among multiple users, which gives you privacy and peace of mind.
Testing - if you are a developer, you can use profiles as clean sandboxes to test your applications and their interaction with the system.
Speed - the games your kids play slow down your tablet, but with SwitchMe you can easily create profiles in without games or messengers.
Battery life - when the battery is low but there are important emails or documents to edit later, switch to a profile which only contains these essentials.
These of course are only suggestions - there are plenty of other uses for the functionality SwitchMe offers.
SwitchMe explained
In order to start using the application, you must create at least two profiles. The first you create will contain all your current data, the second will be a
fresh installation of the operating system.
Once you have created a second profile and booted into it, you will be presented with the Welcome screen, where you can add a new Google Account.
After you have set up your wireless connection and logged into the Google Account, you will find that SwitchMe comes preinstalled so that you can switch
back to the original account without needing to access the Market.
Advanced users can also clone their current profile - this can be useful if, for example, you want to see how the installation or removal of an application
affects your device.
Recommended usage
The most basic use for SwitchMe is creating multiple profiles for your family members. To do this, create separate profiles for yourself, for your significant
other and for the kids. Then log into these profiles and install the relevant software.
For your wife, for example, you can set up an email account and create bookmarks and widgets. For the kids, download and install some games.
From now on, handing your device over without worrying about them reading your emails or installing lots of junk is as simple as switching profiles.
Usage warning
Its very important to understand that incorrect use of this application can potentially harm your device. This can happen if you create and switch to
a profile that exceeds the available memory - switching into this profile will cause a boot loop as Android attempts to unsuccessfully build the Dalvik cache.
Before proceeding the use we recommend that you perform a full nandroid backup through recovery.
Looking forward
These are early days for SwitchMe, which means that a lot of additional functionality will be added to the app in the months to come. Planned features
include full profile encryption, profile storage on external memory and switching without the need to reboot your device.
We also plan to expand the information window to include data about each profile's applications, as well as the ability to reserve memory for profiles.
This Beta
The apk attached to this post will expire in 24 hours. Use that time to tell us if there are issues and to send logs (as always, with descriptions) via the
"Write to us" function.
Lots of functionality has been removed from this version, but will be added over the coming days.
Screens:
Known issues
Help doesnt work outside main screen
Persistent notification doesnt enable in new profiles
Hot switch not working on ICS (almost fixed, currently unavailable)
Encryption doesnt work (only password protection atm)
Sweet! Going to try it.
This allows me to have multiple chars on 1 device for games also? (like Emross War or the Storm8 games?)
edit: Sended my first crash log allready
Yes. I see there is an issue with the trial...
This is a brilliant idea! If you can add a feature to disable su for accounts it would be great.
For my use, I would probably have a default account that has limited access and limited apps. It should not have su or the ability to install new apps via the Market or via adb. The second account would be an admin account with everything enabled. I'm very interested in the encryption features as well. This and a password protected bootloader combined will keep my phone pretty locked down
Hi guys. Sorry I'm on a tablet ATM, so you'll have to use this filehost link for the next few hours. The apk has been updated:
http://www.datafilehost.com/download-beac0342.html
Okay this is what I've seen so far:
At first launch it asks me to create a profile, works fine.
When pressing the lock icon in the top right-hand corner it crashes.
The 3 dots open the settings page, and the notification icon works fine.
I can't seem to figure out how to create a 2nd profile?
When opening my profile I don't see any data in there, it just says "Details" in the top left-hand corner. It has the 3 dot setting icon thing, when I press settings, nothing happens. When I press the lock icon it crashes.
To view the details of my profile I have to hold-press on my profile in the main screen and then select details. Now I see some bars and I can put a password on my profile with the lock icon, settings still don't work. After you've done this, you don't have to press details anymore unless you restart the application. By pressing the activate button when I long-press on my profile it also allows me to see the details when I click on my profile.
A lot has to be done, but the concept is there, good job!!
ybinnenweg said:
Okay this is what I've seen so far:
At first launch it asks me to create a profile, works fine.
When pressing the lock icon in the top right-hand corner it crashes.
The 3 dots open the settings page, and the notification icon works fine.
I can't seem to figure out how to create a 2nd profile?
When opening my profile I don't see any data in there, it just says "Details" in the top left-hand corner. It has the 3 dot setting icon thing, when I press settings, nothing happens. When I press the lock icon it crashes.
To view the details of my profile I have to hold-press on my profile in the main screen and then select details. Now I see some bars and I can put a password on my profile with the lock icon, settings still don't work. After you've done this, you don't have to press details anymore unless you restart the application. By pressing the activate button when I long-press on my profile it also allows me to see the details when I click on my profile.
A lot has to be done, but the concept is there, good job!!
Click to expand...
Click to collapse
Thats what happens when people code at 4am from home. All shall be fixed today - they are just cosmetic issues.
THREAD CLOSED FOR NOW, A NEW ONE WILL BE OPENED LATER TODAY.

Secure Spaces Support (or equivalent feature) for Pixel?

I used Graphite Software's Secure Spaces on a Blackphone 2, and I really liked the way it allowed me to keep work and personal data separate. Visiting their website, I see that support is unfortunately limited to a small group of phones, and includes the installation of a customized ROM. In the xdaforums Nexus 5 and Nexus 5X Development forums, there are Secure Space ROM threads, but I'm just curious if anyone knows if there will be future support with Secure Spaces for the Pixel, or if there is another solution that provides a similar separation capability, for the Pixel. (Unfortunately my employer does not allow rooted phones).
Just received notification from Graphite that support for the Pixel is planned. If anyone knows of any similar "separation" technology that's available please feel free to post to the thread.
Not being familiar with Secure Spaces, and having only briefly scanned what it does, could you not do the same thing on the Pixel by setting up an additional user for the phone? When you set up a new user it's like a whole separate phone for that user, including passphrase, apps, storage, email, settings, everything.
Maybe it's an ignorant suggestion, but it looks like that's what Secure Spaces does.
I think that Secure Spaces offers more separation than what you're describing, (although I admit I've never tried setting up two user accounts on my phone to see what separation is provided). My current and former employer require that any devices that access the corporate network, (in order to get email, calendar schedule, etc.), be installed with MDM, (mobile device management), software that allows the IT department to have complete control over the entire phone's configuration, (most obvious if you try to change the security options), and management. Secure Spaces allows me to have separate workspaces, one that corporate IT can own, and another that can be configured and managed as I want. It also keeps data separate between the workspaces.
jasnn said:
I think that Secure Spaces offers more separation than what you're describing, (although I admit I've never tried setting up two user accounts on my phone to see what separation is provided). My current and former employer require that any devices that access the corporate network, (in order to get email, calendar schedule, etc.), be installed with MDM, (mobile device management), software that allows the IT department to have complete control over the entire phone's configuration, (most obvious if you try to change the security options), and management. Secure Spaces allows me to have separate workspaces, one that corporate IT can own, and another that can be configured and managed as I want. It also keeps data separate between the workspaces.
Click to expand...
Click to collapse
When I create a new user under Nougat, it's as if it's a brand new phone. You only have the base apps that were there when the phone was new, you have to set up Gmail again, Chrome is empty, Photos shows nothing, etc. You can manage security settings, pretty much everything. The only thing I've found that it will not let the secondary user do is open the Messenger application - so the secondary user cannot read or send text messages on the phone - which is of course a good thing.
I also found an article with this blurb about the separation between users:
Under the hood, file-based encryption enables this improved user experience. With this new encryption scheme, the system storage area, as well as each user profile storage area, are all encrypted separately. Unlike with full-disk encryption, where all data was encrypted as a single unit, per-profile-based encryption enables the system to reboot normally into a functional state using just device keys.​
Anyway, it's probably all irrelevant now since the product you're used to and happy with is available for the Pixel. That said, if you haven't installed Secure Spaces yet it might be worth taking a look at it. Just two-finger swipe from the top and tap the "user" icon and then "Add user".
Thanks for spending the time to research this issue.
I'm sure that folks over in the two SecureSpaces development threads here, (1., 2.), can speak more authoritatively on what Secure Spaces offers over a stock setup. For me being able to configure the security options for my personal space, separate from my work space, is important, as well as keeping the data separate from each other.
What about Android for Work?
I used to use it with BES12, worked well.
Sent from my Pixel using Tapatalk

Privacy concern with a dubious app

Any help will be much appreciated.
I have to install an app which I don't trust, but which requires too many permissions, which obviously I am not keen on giving the app. For reasons beyond my control, I can't name the app (it's a work thing).
My idea is to create a new user on the phone, (OnePlus2) and install the app for that user only. Would this stop it from being able to access the data under my own user, and restrict it to only read the data available for the new user for which it is installed?
It requires permission to: (just incase this info helps)
Draw over other apps
Take pictures and videos
Find accounts on the device
Approximate location, precise location
Read SMS/MMS, Send & View SMS/MMS
Modify or delete contents of USB storage
Read contents of USB storage
Read phone status and Identity
Any other solution I should look at? Or will this work just fine?
Cheers!
No way I would install that. Not on a device I use. Unless I had full control over the source code for the apks. I could see some uses.
But to answer your question, I think that should work. I don't have much experience with the details of extra users on the device bit you can look it up on the Google developer site.
That should be enough.
For good measure, I Tried Doing this on my Moto G4 Plus. I created a new user and installed Drupe and Textra. And here is what happened.
1. The New User did not have access to my contacts, call records or SMS
2. The old user could not see these two apps.
since the gallery is tied to photos on the Moto, the users could not see each other's photos.
UPDATE: I just saw an app on another thread that may work for you. - https://forum.xda-developers.com/android/apps-games/closed-beta-test-incoming-companion-app-t3366295

Unsolved tech...

Hello guys,
I have been searching for answers to some of the tech stuff, but couldn't find them.
Here are some of those questions. Hope some of you would have answers to these. Thanks in advance!
ANDROID
1. How to share files between multi-users on Android 11?
Before Android 11, it was possible to save files inside the Android/ obb folder, and these files were visible for all users on the device. In Android 11, this is no longer working as the 'obb' folder appears to be exclusive to each user.
I know this is possible via USB OTG or a cloud service, but is there a solution without these?
2. How to copy/ backup game data for non-rooted devices?
Helium Backup doesn't seem to work. I have played a game for long on my Mediapad, and I would like to copy that game to my phone. Unfortunately, my Mediapad is not rooted and losing all that game progress has become a nightmare. I have written to the app developer to provide some sort of backup using either Google Play Games or social media integration like Facebook/ Twitter, but haven't received any response.
3. How to force apps (esp. file managers & gallery apps) to use in-app media viewer without changing system default.
For example, I may use the stock gallery app as default for viewing media. But if I am using another gallery app or a file manager that is capable of viewing media files using its own media viewer, I would rather want it use it than open the default app. Is there a way to do it?
4. Replace stock file manager (a system app) with another app from Google Play Store or other sources. Is this possible?
I am not asking how to convert a user app into system app. I know that part. I tried replacing the apk file of the stock file manager with a 3rd party apk, even renamed it, but it didn't work.
5. Extract a system app from one device and install it on another device without root. Is this possible?
I have tried it, but apk installation fails. For example, Samsung Gallery app on OnePlus phones.
iOS
1. How to install .ipa (iPhone app) on an iPhone (not jail-broken) without a laptop (iTunes)?
2. Is it possible to have SFTP server for iPhone?
All Operating Systems
1. How to provide LAN only access for non-rooted devices as well as in Windows & iOS?
For rooted devices, we have apps like AFWall+ that can do it. But is there a way to do it for devices without root, as well as for Windows and iOS?
For non-rooted devices, we have apps like Netguard that support 'Allow LAN access' whilst blocking internet access.
Are there any alternatives and solutions for other platforms?
2. How safe is it to enter login credentials in an app to allow it access to network drives?
I use several apps (on various platforms) to connect to my laptop over SMB. This requires me to provide the app with my Windows Login Credentials, which is a Microsoft account. Am I risking my account by providing this info to the app? Is it safe to enter login credentials of cloud services in file manager apps?
Just bumping this thread as it seems to have been lost/ unnoticed.
@Ultramanoid can you answer some of these?
Sridhar Ananthanarayanan said:
@Ultramanoid can you answer some of these?
Click to expand...
Click to collapse
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Ultramanoid said:
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Click to expand...
Click to collapse
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Sridhar Ananthanarayanan said:
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Click to expand...
Click to collapse
Didn't answer because it won't be helpful.
As to the 1st, I don't use LAN, and I don't keep data in any device or computer unless in use. External independent encrypted storage to be used wherever, whenever, independent of device, cables if needed.
As to the second, it's a matter of common sense, being informed of vulnerabilities and aware of reputation, and trust. Would you trust Chrome or Mozilla with data if you're online banking ? Seems reasonable -- but be aware of major vulnerabilities that may be going on. Would you trust an application released yesterday by a single developer for the same ? Probably not a good idea.
Finally, I doubt what I use and how I use it would be acceptable for you, or most people. In essence you could : Install latest firmware, wipe device, install latest security patched Lineage build for it, remove vendor / Lineage applications, get full root, remove anything you don't need or use which could have vulnerabilities; frameworks, libraries, binaries, etc ( Bluetooth, SMS, Android system-wide downloader, system-wide WebView, NFC, and on and on .. ), install your own binaries, fonts, hosts file, and applications where appropriate ( /bin /etc et al ), install Termux and all Linux packages required for your use, everything open source whenever possible, and stay away from any Google services / Play / applications with ANY trackers, analytics, data mining or even crash report capabilities; zero tolerance. Internet permission only for a secure web browser -- and terminal if / when needed. Half of what I do or use goes through terminal to be honest. In short, for me an Android device is a full Linux laptop replacement with added perks : Always on and on me, camera, GPS, pedometer, unlimited LTE data, and emergency calls for medics / police. ( Edit : And Japanese EEW alarm of course ! Only notification I use. We learned our lesson well in 2011. )
You can use ApkExport to extract any apk including system apks. I've transferred apks between other devices devices with it.
Never had need of doing that though with a system apk.

Record VOICE_DOWNLINK and VOICE_UPLINK in two seperate files?

As we know this is sensitive data and permission required is not provided to third-party apps. But by installing application as the system app and also adding the Manifest.permission.CAPTURE_AUDIO_OUTPUT permission as the whitelisted, I have gained access to the VOICE_DOWNLINK or VOICE_UPLINK separately. but I want to record both channels in parallel in two separate files, and if possible another third that has both combined from VOICE_CALL. Right now when I request AudioSource one overrides the other. As far as i know this is Android system's limitation. The system can't provide these sources in parallel. What needs to be done in order to make system return both sources. Does it depend on the OS or is it device itself ?

Categories

Resources