How do apply separation/isolation of set of apps using various user profiles?
How do you decide whether this or that app goes to one or another group (user profile)?
What are your considerations for not putting X app with Y app?
When we’re on one user profile, we don’t don’t know what’s going on another.
It’s somehow inconvenient to switch from one to another.
If any, what particular configurations do you make on the owner(admin) profile?
And do you use the owner(admin) profile as a daily profile?
Yes, I’m quite interested in this at present. I am in the process of setting up a new degoogled/privacy phone and am working through installing using profiles and sandbox app (Shelter).
On my BraX3 there is Private Space (which I assume is standard on iodéOS) so can it be used with sandbox app too like a Profile? Or is it defined differently so not compatible?
Edit: Also I understand in theory you can use more than 2 profiles in iodéOS, but I got the impression there is a bug with doing that (or there was, at least, several months ago) - is that correct that you can do more than 2 profiles, and if so are there any known issues with that?
“Android Private Spaces” is a new feature in Android 15 / Lineage OS 22.x / iodéOS 6.x, I have not tinkered with it but it may work for you, you would have to read up on it and try to get some feeling for if it meets your use case. But “Shelter” was created before this, and has the limitation on only working with the work profile. So you can’t set up multiple “Shelter” profiles, for example. I believe that “Island” or maybe “Insular” may possibly allow having multiple isolated profiles, sorry I haven’t look recently.
So to the original question, for me at least the “Shelter” profile is any app that is closed and that requires some sort of WhatsApp or Google login junk (well I also throw Telegram in there, my banking app, etc). Basically things I am not to enthused to run on my phone but I have to for various reasons. I do have some proprietary apps that seem to me less ethically suspect in my main profile, but another popular way to do it would be to have your main profile be open source apps only.
A key “feature” to me is auto-freezing apps in Shelter. As I understood (but forget all the details), anything in “Private Spaces” is still able to run all the time, it can’t be “frozen” so that is another motivation for me to put it into “Shelter”, when they are apps I know I don’t want running all the time (I use “Beeper” for WhatsApp and Telegram, for example, so have both of those frozen nearly all the time in Shelter).
Belated thanks rik - that was very helpful just as I started playing around with private Space. I’ve posted more details in the post linked below (you will have likely seen this already) but think I’m going to do something vaguely similar to what you describe and repurpose Private Space and the Work Profile (with Shelter) as follows:
Main Phone Profile: Only open-source and/or trustworthy privacy apps (e.g. Proton apps, 1Password, and those types of things that aren’t all open source but have minimal risks and can be managed with permissions & iodé app).
Work Profile (with Shelter): Will be my banking app(s), any general apps even if not too nefarious (e.g. like Amazon and EBay); and all the undesirable ones pumped fill of nastiness (like my home utilities controller apps - one of them has something like 27 trackers in it, but unfortunately I need it to run my house). As you describe I can unfreeze these one at a time, as needed then refreeze them, and obviously lock them down hard with permissions, access, iodé app, etc, and they are isolated from all my good privacy friendly everyday apps above.
Private Space: I will use solely for my 2 work apps - Microsoft Outlook & Teams - these don’t matter if one or both are unlocked as its the same insidious organisation they phone home to. My organisation doesn’t manage anything on my phone remotely as it’s my personal phone, so they will only see whats in the apps - so I don’t think there is a risk from that aspect around access to the other profiles/rest of the phone? But I need to check that I understand it correctly to be sure - but I’m going from this comment:
When you’re using the Private Space, you can’t interact with things outside of it, and vice versa. It’s a great way to add an extra layer of privacy to health and banking apps. You can keep all of your work-related apps and accounts in their own space. Or maybe you just want even more security for those sensitive photos and videos. - from How-To-Geek
Again I can lock them down hard with permissions and iodé app, and I will just lock the Private Space most of the time and only unlock it (a) when at work/on the clock if I need to use those apps, or (b) if after-hours there’s an urgent need to access them. You can set Private Space to auto-lock (e.g. every-time the device locks) and my understanding is when locked it’s the same as Shelter Freezing the apps - they can’t run/don’t run in the background until it’s unlocked again. Difference is its an all or nothing thing (all apps frozen or none frozen).