Private Space is the native interface for the Work Profile in IodeOS.
I didn’t study Shelter, but from what I’ve read at a quick glance, it also leverages the work profile feature of Android, so I wouldn’t expect much else from it. Plus it’s awfully outdated by now, so there’s no reason to use it.
As for the Work Profile, it creates an isolated environment as far as the apps in it can access the directory tree, system functions and peripheries, but it’s not a sandbox.
Android kernel doesn’t currently have an additional layer of sandbox for such a purpose, so no app will add such a functionality, as it’s a kernel level feature. Everything else (Shelter, Insular) is just a front-end for the Work Profile. Each and every app already runs in a sandbox, but with such permissions that they normally can access system functions, files, communicate with each other, etc. So the Work Profile “just” strips these permissions from them on a global level, and keeps them local to only the Work Profile environment. How secure this is, only the devs could answer. I hear that GrapheneOS has an even more hardened implementation of the Work Profile feature.
This is all we currently can get on Android, as far as app isolation is possible.
Whether this is secure enough to spoof Google, only Google could answer that. The only true way is complete device isolation and strict opsec hygiene. Logging in to any big tech account on your privacy phone regardless of what environment they run in, will always be risky and probably it’s better to think of your phone as ‘compromised’ once you voluntarily logged in to any big tech company on it.
Your threat model should decide whether this is acceptable to you or not.
I, for one, am happy with a 99% control of my data, where the normie apps are locked away and frozen. Big tech already knows my phone, its IMEI, its connection to me. So even with IodeOS now on it, I’m sure they can correlate it to my person, regardless of VPN use, etc. I just leave too many clues in my early attempts to create my own opsec plan, that they can probably deduce the connection.
A fresh device would be ideal to get and start over with.
A second number on the same device, ehh.
In the GDPR region phone numbers need to be registered, so I see no point in having different numbers. In the US that could work towards the network providers, but then you have both numbers on the same device, so who’s to say your apps won’t just share that info and tie the new number to your ID anyway?
Work profile is something else than private space. Private Space has been there since Android 15 and is a real user which is mapped onto another user. Work Profile is much older; it is not a real user but a “Profile User” (which is not so heavily shielded) and you need an app (Samsung Knox Workspace, Samsung Secure Folder, Shelter, Insular, Island, …) that uses this Android functionality.
work profile: product presentation, documentation
private space: documentation
Oh, thanks for the info. So the same, same, but different. The bottom line is, neither is a sandbox and both of these work on the same principle as far as the apps in them are concerned. Correct?
Yes. So far, so correct. But technically, these are still different things, because this profile user (which the work profile uses) is not as isolated from normal users as a genuine new user or private space.
While we’re being pedantic, could you explain perhaps why the documentation refers to the Private Space as a “sandboxed space”? As far as I understand, Android only has one kind of sandbox, in which every single app runs. But the kernel doesn’t offer additional layers of sandbox.
Is the meaning of the “sandboxed space” merely figurative (perhaps isolation would have been a better wording) rather than what the definition of a sandbox is in IT?
Anyone that believes that Google are ever going to adopt a kernel upgrade that would facilitate the installation of apps that they have no access to must be living on fantasy island. LMODroid have been promising a Lindroid container integrated into their Android OS for some time now and it still hasn’t appeared. AFAIA only SFOS has a one-click fully isolated LXC container install you can download from their own repository.
Belated response but FWIW Private Space does not work like Shelter. I have been using both for 5 months.
In Shelter you can unfreeze apps individually, in PS you can’t, it’s all or nothing (i.e. unlocking Private Space unfreezes all apps in it). So while old Shelter gives you better control it seems over when apps can run (whether in background or in UI).
My experience has been I get a lot more app errors and issues from unfreezing apps in PS compared to Shelter (where I get very few). It doesn’t prevent you using the apps, but can be annoying initially needing you to close and reopen them, or wait longer than usual for them to load…
This is in addition to the other issues around PS; not that Shelter + Work Profile is perfect (e.g. it’s not a true sandbox), but it’s still better for now than PS IMO.