Shot in the dark here, but has anyone used Island/Insular with #GrapheneOS in #Android ? (For those less familiar with it, Island/Insular is a tool by Oasis Feng that creates a custom work profile it manages to isolate apps installed within that profile. This way they don't get access to things most apps get access to on the host system -- even the stuff that doesn't have to ask for permission generally. Though there are a few things the work profile can still see.)
I'm having an issue that stuff I'm installing inside the island is disappearing after a while (specifically I guess after a reboot?) This doesn't occur in any other "ROM" I've used, so I think possibly it's related to the custom installer #GrapheneOS uses.
Anyone have any experience with this?
EDIT: Found a workaround.
To be clear, I have not had this issue with any of the other custom ROMs I've run. Of course that means LineageOS, but also /e/os and one other I've forgotten the name of just off the top of my head.
I want to switch to GrapheneOS since it offers a few security exras like an automatic reboot and a bit more permission control and such even though my phone is in the long term support only list now. (Eg just major security updates and that's all I get.)
BTW, a few apps show up fine. F-Droid and a few others. I may have to install in the mainland and then clone to install stuff that works, but a few apps I tried that with disappeared. (Maybe because I originally installed them from within the island first?) EDIT: Just realized, it may be the things that are in both that always show up.
That's it.
I still see one of the apps that disappears after a reboot if I install in the mainland and then disable (but not uninstall) it on the mainland.
Sure is a messy way to do it though. There has to be a better way.
@nazokiyoubinbou maybe I'm asking an ignorant question but won't users in @GrapheneOS offer enough isolation? I was under the impression that the so called «work profile» is the same as a user.
In fact I'm using users to separate different realms in my phone under the impression of such isolation.
Just checking if my assumptions are correct here.
@ojocle_olonam @GrapheneOS You mean having a separate user account? Perhaps so. I kind of like being able to just log in normally and then select what I want from an account instead of having multiple users, but perhaps that is the only way ultimately. However, this does mean that I can't control from one user account what runs in the background as another user doesn't it?
@nazokiyoubinbou @GrapheneOS control background is possible as per user settings. It is true it is all or nothing. Ultimately controlling individual apps could be done via permission
@ojocle_olonam @GrapheneOS Insular/Island gives me very convenient direct control of the apps running in the island. I can even create icons from it to run the "work apps" on my home launcher or freeze the apps directly from Insular/Island itself without having to relog.
Run in background off isn't the same thing as freeze btw. They still wake for checks.
At least with the way I'm using apps it's a lot more convenient and pleasant way to use an island and I'd really rather do that.
EDIT: BTW I want to be clear, this is only an issue with GrapheneOS for me. Insular/Island has worked with everything else for me just fine. So presumably it's just an issue like the installer or something that can be compensated for.
@nazokiyoubinbou will explore. I'm honey mooning with GrapheneOS still exploring and have many things still to implement to reproduce my previous non-private-owned-by-google experience.
Thanks for the insight. Will explore on Island.
@ojocle_olonam Insular is the F-Droid alternative.
@nazokiyoubinbou Work profiles, Private Space and secondary users are fully supported by GrapheneOS. Many people use them without issues. This is likely an issue with the apps you're using, possibly a compatibility issue with Android 15 QPR2.
Apps are more isolated than you seem to believe without using profiles. The main benefit is only being able to see and communicate with apps in the same profile along with having a separate VPN for each profile. We have Storage Scopes and Contact Scopes.
@GrapheneOS I have no doubt it's an issue specific to how Insular/Island works with GrapheneOS, yes. My guess is it doesn't get along with the different installer you seem to be using. In normal distros I get a popup when installing asking if I want to use the system package installer or Insular/Island as an installer, but I don't get that here. (Yes I checked the "open with" section of the app settings. Nothing shows up even though it is enabled.)
And yeah, I realize GrapheneOS does most of what this does. That was a key reason I switched to it. But this has a much simpler and extreme isolation for those apps I trust the least. I only want to do this for a handful of things.
@nazokiyoubinbou We don't use a different installer or anything like that. It's nearly all the same UI other than our privacy and security features. We don't change this part of the UI.
@GrapheneOS Maybe. I'm having some issues with other things like Aurora Store doing weird stuff. I don't even see the usual notification that an installation is taking place (it just happens quietly in the background.) It sure feels like the installer is different from stock. But maybe I'm misunderstanding something?
@nazokiyoubinbou There's nothing different about the UI or dialogs for installing apps compared to standard Android 15 QPR2. It takes longer because GrapheneOS compiles the apps ahead-of-time. GrapheneOS does not change any of the UI from the Android Open Source Project. There are minor UI differences between AOSP and Pixel SystemUI / Launcher but those are Pixel exclusive and not present on other Android devices or AOSP-based projects in general unless they made similar features which is rare.
@GrapheneOS Alright, I just find it strange that this one doesn't do anything like showing a notification or etc.
Anyway, I may have worked out a somewhat effective workaround. Not ideal, but it works I guess.
@nazokiyoubinbou Neither the stock Pixel OS or the Android Open Source Project do that. We have the same UI for installation as both of those. The only related differences are that the install dialog shows the Network toggle when relevant as our way of handling asking the user for the initial state of an added runtime permission toggle and it ahead-of-time compilation is done. The overall UI is the same.
@GrapheneOS Alright, maybe LineageOS uses a version that shows a notification indicating that it's doing something and that carried over into some of the derivatives.
(I haven't used the play store in a long time btw. Even back when I used gapps I installed stuff via Aurora and kept it frozen since it did stuff I didn't like, but I haven't installed gapps on any of my devices in some time.)
BTW on the Fediverse you can edit a post instead of deleting and rewriting.
> BTW on the Fediverse you can edit a post instead of deleting and rewriting.
We know, but we're used to not being able to do it on Twitter/X and Bluesky. The edits also don't bridge to Nostr and some people are following our posts through there.
@GrapheneOS Ok. Anyway, have a nice day. I've found a workaround that seems to kind of suit my use-case.