We download a ton of apps on our phones. Some of them might be sensitive apps about things like mental health, dating, or political campaigns.
Did you know that the apps on your phone can see which other apps you have installed?
Not only that: Apps can talk to each other and share information without you realizing it.
You don’t necessarily want some random app seeing a banking app on your phone, as it would tell them that you’re a customer of that bank. It could be used against you in scams or spear-phishing attacks.
What about telling your social media app that you have a campaign app for a certain politician? It might be enough for them to target you with certain political content, or even tag your account with some sort of flag.
We don’t know how someone might use information about our installed apps, so we might not want to hand over that information willy-nilly.
We talk a lot about GrapheneOS as a private OS for cell phones, and their default protections like sandboxing apps and storage scopes make it harder for apps to perform unwanted actions in the background or access sensitive information without explicit consent.
But these protections unfortunately don’t stop apps from communicating with each other. App communication is an ingrained function of how smartphones work. One thing you CAN do to stop app communication is to silo apps on different profiles.
Quick tips
- To set up a secondary profile on GrapheneOS, go to:
Settings > System > scroll to the bottom > select Multiple Users.
Select “Add user”.
Name your secondary profile.
- Disable “allow running in the background” — this means that every time you exit out of this profile, it’s like a hard reset on that part of the device. It puts the profile “at rest” so that the encryption keys for that profile are not available to the device, which means that this profile is protected from brute force pin attempts should anyone get access to the device.
- These profiles are isolated workspaces, with their own independent app installations, storage, settings, and permissions. You can configure different network settings, use a different VPN on each, and each profile has its own encryption keys.
- GrapheneOS also allows cross-user notification forwarding. If you want to be able to receive Signal notifications from your primary profile while you’re inside your secondary profile, for example, you can set that up so you don’t miss messages.
- If you have apps that won’t work without installing Google Play Services, you can install sandboxed Google Play on a secondary profile and put those apps in the same profile. You can silo the rest of your apps on another profile. This keeps Google Play Services from communicating unnecessarily with any of the other apps.
Secondary profiles are a great privacy tool to add to your toolbox.If you want to know how to install GrapheneOS on your phone, we have a video tutorial you can check out.
If you find our tips useful, please spread the word!
Yours in privacy,
Naomi
