If one sets up a second user account on an Android phone but uses the same Google account, are the apps still sandboxed when using the primary account?
Example:
User 1 - Primary phone user account, has most apps
User 2 - “social media” account, same Google account as User 1 but this account is where social media apps are installed.
Is it safe to say when logged in as User 1, the social media apps in User 2 are not still collecting data such as BT points, wifi info, app usage etc?
Reference materials:
I didn’t go nearly as far is the hated one- not flashing a ROM, not using a different google account, I just want sandboxing when the apps are not in use.
Android User account info (referring to mid-bottom section of upvoted reply):
I do not have a definitive answer but to my understanding:
You are using the same device with the same serial number
Google can see the same device ID between accounts
The question is, do we trust Google that they wont divulge the same device ID to (lets say) Facebook on Profile1/Account1 to an isolated “new” account?
I dont know but my hunch is, if you are using a phone designed and marketed for an Asian market (Xiaomi/Realme/Oppo/etc), it is likely yes. To a greater extent of certainty, surveillance phones like Huawei will report the same ID to the relevant authorities.
I’m not so much stuck on the ID UID thing, and since I’m using the same google account for both user accounts on the phone I imagine whatever I do on both accounts is all data grabbed and merged. I’d even expect that APIs like what I do on account 1 on MyFitnessPal etc gets input into Facebook (but all that info is being got one way or another).
What the goal is, is for Facebook, social app X, Y and Z to not get bluetooth pings from the businesses I’m walking by, wifi SSIDs I’m walking/driving by and also not running in the background consuming resources when I’m logged into user account 1 in which the apps are not installed under.
If you want to be more serious about the privacy gain: While another User Account will help, you’ll have to go further to avoid location tracking:
Make your phone use a randomized mac address
Always Disable Wifi and Bluetooth unless actively in use
Revoke all Permissions that are not needed for the app to function (it wants more for sure!)
Set Permissions to “Ask every time” when possible / realistic, otherwise to “Only while running”.
This will make things better, although at the very least Google and your phone company will still know your location.
Should you ever want to go deeper down the rabbit hole, I’d recommend to install GrapheneOS since it gives you a private-by-default foundation for your phone and you can layer what you need on top of that.
I think the question is being missed. This isn’t a privacy thing in the typical conventional sense, else I’d just graphene OS or calyxos, degoogle.
I just want to “turn off” those apps when not being used and I have ZERO faith in the privacy menu for said apps in Android. I understand when I switch to user #2 it’s fair game they will get location, wifi, Bluetooth etc. But when logged as user 1 I want to know if user 2 apps are still peaking into file paths, location data etc- in which case might as well not even bother with the second user account.
The second link I supplied goes deep I to these file and API permissions and the post question is a sanity check on it vs. going full on rabbit hole and be like “the hated one”.
I hope for the thread to not off topic into a rom thread or Google API thread, but a ‘can user 2 apps see phone data when user 1 is logged in?’ thread.
Or another way to put it, imagine a user that doesn’t give a care what apps and services are running on the phone, but intermittently puts the phone in an Faraday bag and runs around town with it, gets home and pulls it back out. It’s not hiding from Google, Facebook etc, but just for small bits of time, making a little black hole in their data mining timeline. In this case just for specific apps.
Or yet in other words, are these user 2 apps effectively sand boxed from wifi, Bluetooth etc when user 2 is not logged in?
Short answer, yes.
As far as I can tell, if the second user is not logged in, the apps don’t get to do anything.
But I do believe they’re allowed to run in background if you gave background permissions and switch back to the othe user.
Therefore I recommended to tighten down permissions so only foreground activity is allowed.
I understand you don’t want to get too involved with the whole privacy thing.
But due to just how many data brokers there are, reality is that unless you also go with some of the steps I outlined in the other post, you won’t actually create a black hole for facebook and co. during that time.
I think you can test in a way in that if you search with certain keywords and if the relevant ad shows in the other profile as well, then you can assume, some identity linking is happening and that no true profile isolation is happening.
Solid idea, and I’m thinking of Wiresharking while on user 2 and using the nasty apps, then switch to user 1 and seeing if the phone is still sending traffic to IPs just used by nasty apps earlier.
100 agree, Its down right depressing thinking about all of the data aggregation and user attribution making privacy next to impossible.
There is a ‘what phone should I buy’ thread here and I even commented privacy is not a factor for me, imo there isn’t a lesser evil if between OEM android or iOS.
