I got a new phone. Skipped a few generations and now I’m running the current GrapheneOS, based on Android 15. I’ve moved most of the apps, but now I’d like to install my 3 banking apps and 5 discount program spyware apps. I guess I best separate them from the rest of the arbitrary stuff. Banking apps so they can’t be messed with, and shady discount programs so those apps can’t mess with me and my data…

The internet has a lot of information about Shelter, work profiles, the new(?) private spaces… But I don’t know what is current advice and what’s outdated advice… What’s the current best practice?

  • gid@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    8 days ago

    As I understand it, the banking apps should benefit most from the default sandboxing in GrapheneOS. I’m not sure there’s much benefit in further separation of them is there?

    • hendrik@palaver.p3x.deOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      8 days ago

      Good question. I mean that’s why I wrote exactly what I’m trying to do… And on second thought… I don’t want to bury them completely, since I need the bank and PayPal to send me notifications and pop up once I need to confirm some transaction…

      Maybe I should just install them as is, and use that private space feature for random stuff that collects my data and sells it to third parties.

      • oldfart@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 days ago

        Can’t you just run them when you expect a notification? How many times a week do you do online shopping that this is a chore

        • hendrik@palaver.p3x.deOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 days ago

          Yeah, I could do that, too. I’m usually aware of when I click some “order” button… And I’m not sure if I’d miss the push notifications when I finished the supermarket check-out and swiped my bank card… I guess I could do both. After yesterday’s advice, I just installed them into my main profile. Maybe I should check the permissions of PayPal and the other app and see if I like my current approach.

      • gid@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 days ago

        Yeah that sounds like the best solution.

        Just FYI some banking apps don’t work on GrapheneOS (ones that check for strict SafetyNet support I think).

        • hendrik@palaver.p3x.deOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          8 days ago

          Yeah, F them. I got some hardware TAN generator because I had that issue before. If they force me to use some stock version of Android, I’ll just delete their app… So no issues there. 😉 I can live the old-school life without Google Pay… Seems PayPal and my current bank do work without issues.

          Thanks!