Conversation
This Tweet was deleted by the Tweet author. Learn more
WhatsApp and other Facebook apps work well on GrapheneOS and they can be installed in a dedicated user profile to handle their aggressive demands for permissions and other access by giving them their own isolated workspace.
4
This Tweet was deleted by the Tweet author. Learn more
User installed apps are always sandboxed. You don't need to do anything special to achieve that. Talking about using them in a user profile where you can grant them access to contacts, files in the user storage directory, etc. without giving them personal info.
1
5
User profiles are isolated workspaces. They have their own instance of installed apps with separate data and their own profile data. Apps can't communicate or share data across them except via the network. Network access (direct or indirect) has a permission toggle on GrapheneOS.
1
5
grapheneos.org/faq explains some of this and in particular has detailed information on how encryption works with user profiles. Each user profile has separate encryption keys. Apps are sandboxed without user profiles. They exist to provide separate isolated workspaces.
6
This Tweet was deleted by the Tweet author. Learn more
By the way, meant to link grapheneos.org/faq#encryption to link directly to the section on encryption rather than the FAQ as a whole. It has really good information on the baseline disk encryption. It barely covers the hardware keystore features. Can be another section added later on.
