I just bought a pixel from best buy to install gos, which was an ordeal.
At checkout they looked at me like I was up to no good when I said I didn’t want to give them my name, address, and phone number just to purchase the device. I didn’t set up a plan. They said it was for “restocking” or something.
Fortunately they accepted obviously fake info. These front line sales people just don’t care as long as they can say they followed the policy.
The user containers are very helpful. I have to have TikTok for work and I put it in a container all by itself with a vpn on kill switch. And for one app that needs google play services, I have it a container with that.
The duress passcode is super clever, too. You enter a different device passcode and it just wipes the device.
I recently bought a Pixel from a Google store and wasn't asked any personal information. I installed Graphene right away and the phone just works. I use FOSS apps obtained on F-Droid and don't bother with sandboxed Google Play and all that. For me that kind of defeats the point of a FOSS OS.
> Do you think Best Buy assigns cash serial numbers to individual products they sold, by default, always?
No but when you took that cash out of an ATM, it logged the serial numbers on the bills it gave you. Then when Best Buy deposited that cash at the bank they again scanned that serial number and can make an assumption that you spent that money at Best Buy.
What that information is used for, who knows? But the flow of cash is definitely logged somewhere, for some reason!
On GrapheneOS they're profiles. Pretty much the same as with the stock aosp, but they add very extensive support - like notifications forwarding and a perfect balance between security and convenience, 2FA with shorter pin.
It's incredibly useful! I have one profile for the "social" apps I don't trust (TikTok, Reddit, etc.). They can commingle. And there's another profile that contains the apps that rely on Google Play Services (e.g. something relies on google maps). As far as I understand it, it's like a strong firewall between them such that they are pretty close to having multiple different phones.
I understand that you have a concern, but may I ask what you mena specifically by "trust", and how would profiles help? Is it about accessing phone data or something else? As far as fingerprinting goes, I don't think profiles matter -- they already know who you are and can associate you with data from other sources.
I've successfully used Material Files [1] to set a nework shared folder (I think it was FTP) on one Android profile, and accessing it ("connecting" to it) from the other. So this might also work between GrapheneOS profiles.
You can share with file synchronisation apps like Syncthing/Ouisync [0], exploit a temporary weakness in the isolation model with Inter Profile Sharing [1], or simply copy the files over to an external storage device and transfer them that way.
Yes, but a small subset of the GrapheneOS features are enhancements to user profiles and Private Space. We enable more of the standard user profile functionality that's usually not available (such as ending secondary user sessions or toggling them running the background) and add extra features such as notification forwarding. For Private Space, we enable making them in secondary users instead of only Owner and provide control over clipboard sharing instead of it always being shared with the parent profile (the user it's nested in).
Our more prominent 2-factor fingerprint authentication feature is also relevant when switching between users a lot.
The only thing I don't like from private space is that all notifications from apps inside private space are hidden. Wish that was configurable. I use private space for containerization, not to hide things.
True, although on GrapheneOS, apps on different profiles can remain active when you switch and notifications can be sent to the primary profile if you choose.
Secure folder is an older approach to what Android provides via the standard Private Space feature since Android 15. Private Space and work profiles are based on the same infrastructure as secondary users including per-profile encryption keys, although typically work profile management apps don't take advantage of it.
Well, nobody's forced it, but my company publishes content on TikTok that drives customers, and I want to be able to see it myself. You'd be surprised how many CISOs and security workers are on TikTok.
What kind of 2FA? I run OTP on my work laptop. Yes, it's maybe not really a 2nd factor if someone had access to my laptop with LUKS open. But at least I don't expect any automated attack because it's my own piece of code using an otp library.
At checkout they looked at me like I was up to no good when I said I didn’t want to give them my name, address, and phone number just to purchase the device. I didn’t set up a plan. They said it was for “restocking” or something.
Fortunately they accepted obviously fake info. These front line sales people just don’t care as long as they can say they followed the policy.
The user containers are very helpful. I have to have TikTok for work and I put it in a container all by itself with a vpn on kill switch. And for one app that needs google play services, I have it a container with that.
The duress passcode is super clever, too. You enter a different device passcode and it just wipes the device.