another solution for you is no profiles, just the main + Private Space. In main you dont use any Google stuff. In your private space (setup with a different unlock method from your screenlock), you sign in and get your Google stuff. I havent tried it but it sounds ok…Not sure about transferring files though. E.g. what if I have a news article in Vanadium in mainland and want to share it to my contacts in Private Spac? Or the reverse: I got a pdf from whatsapp in Private Space and want to store it in my main’s folder?

@pinball_wizard@lemmy.zip was correct: Even a single GOS profile is already much better than normal Android. You can read up all the security stuff GOS offers in Settings/Security and Privacy. A lot of those features are already much better than stock Android, e.g. strict control over USB c, spawn app securely, wifi/BT auto off…etc.

As to your question about logic in using diff securities, GOS is the only OS that allows you to have many profiles. These profiles are completely isolated from each other. You have your own keylock, user for each profile. That is much more powerful that stuff like Peivate Space (stock Android has) or even Samsung Secure Folder. So I want to make the best use for these features…

That and we have too much personal and sensitive stuff on our phones nowdays. I’m not talking about normal stuff like emails and photos. I meant online banking apps, identity card app that each country for some reasons force citizens to install…And everything else, literally everything has an app.

Anyway…

Initially i went with: 1 owner profile (the one you started originally), 1 media profile, 1 bank profile and 1 daily profile. You know like completely compartmentalize your life.

This works BUT there is a lot of inconvenience. .E.g. if i see an article in Vanadium in daily and want to share it to whatsapp/viber/signal which live in media, i cant.

So I then went with: 1 owner profile and 1 sensitive profile…So all the things that are very important to me like banks, IC app I put in sensitive. .Everything else I put in owner. Note: in sensitive profile, I do not user fingerprint; I set a long password for that.

Hope that helps.

Just go for it. You can always go back to stock if you dont like it.

My advice: dont make it too complicate. GOS has a lot of different securities and you can choose whatever you want to do with your phone. Some examples::

• you can run the whole thing on 1 profile

• 1 main profile and 1 secondary for Google

• 1 main profile for admin and several secondary profiles each with their own private space… .

and so on and on. I like to think of GOS similar to Archlinux. You can choose your way, but if things go south , a extremely complicate setup will make it very difficult to diagnose and maintain.

the only way i would consider popos is that it has a built in recovery mode. So literally you can reinstall your OS or just general troubleshoot without using a usb. Very handy.

It is something I’ve been trying to get to work on other system without success lol.

ffs stop using popos

Put Fedora gnome workstation and be done with it. Heck, put Linux Mint XFCE and I guarantee he wont even need to reinstall the OS unless the hardware breaks

yes some Play store apps are country specific so instead of switching my default country, which stupid Google only allows 1 per year btw, I want to create different profiles with different Google accounts. You cannot do that without showing that these accounts belong to whichever phone number you have

its been 4 months and I am not regret about my switch to GrapheneOS. The only thing that can make this 100% perfect is creating a Google account that does not tie to your phone number.

GOS is great. Funny, I used to rom hop and distro hop a lot; but on GOS, I installed it once and so far so good (5+ months in).

Just some tips for new users: Just install it and dont be afraid to try things out (Google Store, profiles, Aurora…etc). Oh and dont make it tooooo complicate with many profiles and private space. You can test first but dont over do it if you’re not experienced.

And no, I am not a dev from GOS lol. I’m an ordinary user who wants to take control of my phone.

i guess another way is to use those shitty privacy screen protectors that do not work with fingerprints at all. They can try all they want, its not gonna work.

Or grapheneos but compartmentalize sensitive data to a profile where you use no fingerprints, only pins. Duress can be entered anywhere right? So if you’re being compromised , enter the duress pin.

any ideas how to add that engine to Vanadium on GrapheneOS?

Yes it is very much doable and you can get a functional system. But there can be 2 main problems for your case:

1. you would literally install Debian and choose nothing (no DE just a bare minimum). On Arch, this is easy because it came with some packages or you can install during live to get wifi working. On Debian , last I heard you need to do some dhcp wizardry.

2. cross apps compatibility. This is very serious. Even “lightweight” DE like xfce has a lot of hidden stuff that helps to run your notifications , powers and brightness/volume. And that does not count it you want stuff from Gnome or KDE: they even have more special libraries. In your case, the worst scenario would be to have multiple libraries/configs from different DE and they try to do the same thing. This is very hard to debug and maintain.

Point 1) is not as bad, if you use an Ethernet or somehow connects to the internet. It is only for the 1st phase where you install stuff though. After that you can just use the DE’s network manager.

Point 2) should not be a problem IF you are running a window manager. The reason is that in these setups you can choose exactly what you want without messing up…On DE you can too, but you migght break things. For eg, choose dunst for notitication or xfce4-notifyd. On a mixed DE setup? Bad idea imo.

anything that ties to Micro$oft is shady

thanks for the detailed answer. Did you use the battery protection, i.e. charge to 80%?

so most apps have restricted battery with the exception being Google Play Service?

2 months GOS user here on Pixel 9. So far so good. You do have a lot more controls over the traditional Android phones. In fact, you have too much that for average user, i think it can be a bit overwhelmed.

PROFILES

For eg, you can easily install Google apps and use them like a normal phone. Problem is on Graphene, you have many ways to set this up. You can:

a) install in your main profile and be done

b) install Gapps in main the private space within main profile

c) some crazy stuff like install Gapps in the private space of a secondary profile, which you lock using a completely different password.

I spent too much time in this loop lol. Finally i settle on: all daily apps in main profile and sensitive apps live in a separate profile (banks, important docs).

SECURITY

1. Next the security features in GOS are amazing. You can control every single permissions that an app can do. I mean every thing including the system Phone app. I can go 100% paranoid and prevent the Phone app from Phone logs, microphone and Phone. Essentially making the Phone app useless… Very very nice but you need to experiment with your apps and see which permisions you can deny and which you cant. On normal Android? You can deny some apps but the system ones, you cant.

2. I especially like the USB c feature. I leave mine on Charge only. So the port only functions to charge my phone. This cuts off every other connections: plug into PC, plug into car for Android Auto…etc. I like it that way. .

Btw, Android auto works great too if you need it. .

OS is so minimal that you will need to install essential apps on your own. For eg, i use Florisboard for keyboard, MiX for file manager.

3. I really like the screenlock options on GOS. You can set:

a) your usual password, pin, fingerprint

AND

b) a secondary pin that can be scrambled at random. So you unlock with your fingerprint then you need to enter that 2nd pin or password to enter the phone. EVERY single time. And it is scrambled too so you dont have to worry about people tracing your fingers.

AND

c) the Duress pin. This is like the nuke PIN. You set this up and hypothetically you are in a dangerous situations (thieves want you to unlock, local police abuse your phones…etc), you can enter this instead of your normal screen lock pin/password and every data is nuked. I havent tried it yet because i spent too much time set my phone rhe way I like it lol. If somebody tries it out, pls let me know.

INSTALLATIONS

Stupidly easy. On the OG Pixel, if you want to install LineageOS, you have to be very careful. Beside downloading the ROM, you need to flash a custom recovery like TWRP. Then becaude it is a Pixel, you nees to be careful which slot to flash the ROM. Flashing to the wrong one will brick the phone.

On Graphene? It is literally plug your phone in and open the browser where the install notes are. The ONLy technical thing I need to do during the process waa enable bootloader unlock. Everything else was like “GOS finishes this, GOS finishes that, can you press this button, GOS is rebooting…”. .Very very simple.

**SOME HELPFUL POINTS (i hope) **

1. dont treat this as a Degoogle phone. .You can but the strong point of GOS is security.

2. some features are not available compare to like.Samsung’s ONE UI . For eg, only allows an app to connect to 5G and not wifi.

3. dont create a super complicate setup. The backup process will a pain.

Windows Updates

Got an update while finishing a large project for work. Tried to postpone updates, Micro$oft said no and reboot anyway. Rebooted and waited 2 hrs for the “Please Wait” to go away.

Oh yeh and also the in your face OneDrive adware. I swear, every single time I update, the laptop keeps asking if I want to sign into onedrive.

I’m allowed my own laptop cuz most of my work is ssh to a server and fix shit. You have to register your laptop on the network first though.

Office, Team: these can work via the browser if your company/organizations pay for the subscription. In fact, the web versions run much better than the standalone desktop ones for me.

Code editor, terminal, programing in general: These work much much better in linux. You open a terminal and you write commands to install stuff. Editors are even easier, i.e. nano, vim, vscode, emacs… etc. just pick your poisons…

Email: now I login to my exchange email using the browser. That works for 100% of the stuff I need to do: basic emails stuff, accept/decline meetings…etc. Unless you absolutely need to use Outlook, there should be no problems.

Now… the real problem lies in specialized software like CAD, CAE tools. I like Linux but there isnt a free CAD / CAE tool that is comparable to what the industries are using. In academic? absolutely you can use for research.

before learning all the new tools like Linux distros, vpns, compartmentalization, offline storage, security…etc.

You better start controlling the apps/services you are using NOW !

Youtube, Gmail, Facebook, X, Maps…etc. all has shit tons of data about you. Limit what they can use. Dont give your info out easily (main email account).

yeh and if i remember correct, there are no options in Samsunf Keyboard to control the clipboard history length. It still remembers what you copied 3 weeks ago…

My recommendation is to use another keyboard. SimpleKeyboard, FlorisBoard…etc.