On GrapheneOS they're profiles. Pretty much the same as with the stock aosp, but they add very extensive support - like notifications forwarding and a perfect balance between security and convenience, 2FA with shorter pin.

> but they add very extensive support

Huh, I didn't realize they had added additional functionality not present on stock Android. Thanks!

It's incredibly useful! I have one profile for the "social" apps I don't trust (TikTok, Reddit, etc.). They can commingle. And there's another profile that contains the apps that rely on Google Play Services (e.g. something relies on google maps). As far as I understand it, it's like a strong firewall between them such that they are pretty close to having multiple different phones.

It's not really like having multiple phones. User profiles are a useful features, also for privacy, but they are not a privacy or security silver bullet. Within any given user profile, apps are sandboxes. An app can't peak into the contents or internal data of another app and can't access things it isn't given access to per the permissions. Despite not being able to peek into other apps, apps can use IPC to communicate with other apps bases on MUTUAL consent.

User profiles (secondary profiles, private space) don't enhance this sandboxing. The apps already were sandboxed. What they do, though, is aid in isolation in a number of ways. The allow the use of a seperate VPN slot which can help split up identities, they restrict the IPC to communication with apps within that profile (not other profiles), they have separate clipboard, user data and non-global settings, they have distinct encryption keys and can be put at rest on demand without rebooting the phone (not possible for Owner profile).

I understand that you have a concern, but may I ask what you mena specifically by "trust", and how would profiles help? Is it about accessing phone data or something else? As far as fingerprinting goes, I don't think profiles matter -- they already know who you are and can associate you with data from other sources.

What about settings, though? Don't you have to set up each user profile separately?

Also, what if you ever want to share a file across user profiles?

Sharing files requires a bit of creativity.

You can share with file synchronisation apps like Syncthing/Ouisync [0], exploit a temporary weakness in the isolation model with Inter Profile Sharing [1], or simply copy the files over to an external storage device and transfer them that way.

[0]https://github.com/Catfriend1/syncthing-android

[0]https://github.com/equalitie/ouisync

[1]https://github.com/VentralDigital/InterProfileSharing

I've successfully used Material Files [1] to set a nework shared folder (I think it was FTP) on one Android profile, and accessing it ("connecting" to it) from the other. So this might also work between GrapheneOS profiles.

[1]: https://f-droid.org/packages/me.zhanghai.android.files/

See: https://github.com/VentralDigital/InterProfileSharing

It also shows that profiles can't really prevent an app from correlating profiles on the same device, by listening on a local socket.

If you disallow Network permission to an app (a GrapheneOS feature), local network access is also disabled.

You can use Seedvault to make and restore a backup. Set up a secondary user profile with settings only (no apps yet), make a backup and use that in future for initializing other profiles.

There are apps like Inter Profile sharing (appID: digital.ventral.ips).

Yes, but a small subset of the GrapheneOS features are enhancements to user profiles and Private Space. We enable more of the standard user profile functionality that's usually not available (such as ending secondary user sessions or toggling them running the background) and add extra features such as notification forwarding. For Private Space, we enable making them in secondary users instead of only Owner and provide control over clipboard sharing instead of it always being shared with the parent profile (the user it's nested in).

Our more prominent 2-factor fingerprint authentication feature is also relevant when switching between users a lot.

The only thing I don't like from private space is that all notifications from apps inside private space are hidden. Wish that was configurable. I use private space for containerization, not to hide things.

True, although on GrapheneOS, apps on different profiles can remain active when you switch and notifications can be sent to the primary profile if you choose.

I think it depends on the Android distribution. I am not sure it is available on Samsung's One UI.

Multiple user is available on Samsung. Both multiple profiles as well as work profile.

Samsung also has "secure folder" which isolates apps and files and presumably uses multiple users to do the isolation.

Secure folder is an older approach to what Android provides via the standard Private Space feature since Android 15. Private Space and work profiles are based on the same infrastructure as secondary users including per-profile encryption keys, although typically work profile management apps don't take advantage of it.

Apparently multiple user profiles is available on their tablets but not on their smartphones.

last time I tried, my samsung phone couldn't use multiple profiles. it is a setting that has been disabled in oneUI since a few years. Don't ask me why.