Since you’re here, do you know if SIMs “just work” with different profiles? Can I restrict them to a specific profile? I’m guessing SIMs are a completely separate concept from profiles (which AFAIK just manages apps), but this is my first time with GrapheneOS.
As far as I can see, no. But what benefit would that really have? Network settings (including mobile networks) are global. The only thing that’s profile-specific is your VPN setting. You can only disable a profile’s ability to use the phone/SMS feature. Profiles generally manage apps, user data and some settings.
The benefit is that I could block apps installed to one profile from using my data (i.e. wifi only), while allow apps on the other to use it. I could install something like NetGuard, but I also use a VPN, and it’s one or the other with that IIRC (at least on my old phone, I can only use one VPN at a time).
Ok that actually makes sense. I just realized that the fucking iPhone has this feature, but Android doesn’t. GrapheneOS doesn’t implement any custom features that aren’t privacy/security related. And no, unfortunately you don’t get a second VPN slot either.
Pretty hard. If you don’t have prior experience with the AOSP codebase, I’d say it’s impossible. But if you want to get started, this is how to build GrapheneOS from source: https://grapheneos.org/build
My threat model isn’t such that I need it, it’s just really annoying. GrapheneOS does allow blocking network per-app, which is a sufficient workaround. It’s a bit tedious, but I can do the following:
disable network on sensitive apps
disable NetGuard and enable other VPN
finish what I was doing
undo step 2
undo step 1
I really wish there was a way to get VPNs and NetGuard playing nicely together. I want all traffic to be filtered by NetGuard, and then routed over the VPN. This is trivial on Linux, but apparently not so on Android, which is a shame.
There might be an easier way to accomplish this. The RethinkDNS app has a built-in Firewall and WireGuard VPN client. It also allows you to configure per-app Wifi and cellular data separately. The only caveat is that you would need to manually import the WireGuard profiles from your VPN provider.
Google Fi is the one thing I have no experience with, as I’m not American. But all SIMs should work fine on Graphene, and eSIMs are supported through a compatibility layer, which enables Google’s proprietary eSIM management tool (this is not the same as Sandboxed Google Play services, and you don’t need Google Play for eSIMs). All the eSIMs and physical SIMs I tried work just fine. Google Fi seems to work, according to this thread on the Graphene Forum: https://discuss.grapheneos.org/d/7950-does-grapheneos-work-with-google-fi/6
Cool.
Since you’re here, do you know if SIMs “just work” with different profiles? Can I restrict them to a specific profile? I’m guessing SIMs are a completely separate concept from profiles (which AFAIK just manages apps), but this is my first time with GrapheneOS.
As far as I can see, no. But what benefit would that really have? Network settings (including mobile networks) are global. The only thing that’s profile-specific is your VPN setting. You can only disable a profile’s ability to use the phone/SMS feature. Profiles generally manage apps, user data and some settings.
The benefit is that I could block apps installed to one profile from using my data (i.e. wifi only), while allow apps on the other to use it. I could install something like NetGuard, but I also use a VPN, and it’s one or the other with that IIRC (at least on my old phone, I can only use one VPN at a time).
Ok that actually makes sense. I just realized that the fucking iPhone has this feature, but Android doesn’t. GrapheneOS doesn’t implement any custom features that aren’t privacy/security related. And no, unfortunately you don’t get a second VPN slot either.
Maybe I’ll try to hack one in, how hard could it be? 😅
Pretty hard. If you don’t have prior experience with the AOSP codebase, I’d say it’s impossible. But if you want to get started, this is how to build GrapheneOS from source: https://grapheneos.org/build
I meant it more tongue-in-cheek :)
My threat model isn’t such that I need it, it’s just really annoying. GrapheneOS does allow blocking network per-app, which is a sufficient workaround. It’s a bit tedious, but I can do the following:
I really wish there was a way to get VPNs and NetGuard playing nicely together. I want all traffic to be filtered by NetGuard, and then routed over the VPN. This is trivial on Linux, but apparently not so on Android, which is a shame.
There might be an easier way to accomplish this. The RethinkDNS app has a built-in Firewall and WireGuard VPN client. It also allows you to configure per-app Wifi and cellular data separately. The only caveat is that you would need to manually import the WireGuard profiles from your VPN provider.