Looking for isolation apps (e.g. shelter)

Hi all, :wave:

info:
my smartphone: Samsung Galaxy A04s

I´m looking for a good sandboxing app/isolation app for my smartphone.

Running Linux Lite on my computer I´m accustomed to running many processes in a sandbox (firejail).
Basically I´m looking for something similar for my phone. :blush:

On Frequently Asked Questions - Insular there´s an overview/comparison of “Island”, “Shelter” and “Insular”.

F-droid lists “Shelter” and “Insular” as available.
There used to be “WebApps” as well but this isn´t available on f-droid any longer, it seems.

So I´m leaning towards “Shelter”.

Does anyone have any experience with it so far :question:
Is installation and usage without problems?

Many thanks in advance and many greetings from Rosika :slightly_smiling_face:

1 Like

both use the Android “work profile” functionality

try them both (separately) and see which one works better

do report back :slight_smile:

1 Like

Apps in recent Android operating systems are already sandboxed.

https://source.android.com/docs/security/app-sandbox

1 Like

Hi @Licaon_Kter , :wave:

thanks a lot for your reply.

I am a bit reluctant to try out either of them because my research showed some information saying it might be dangerous to install Insular.
And Insular is based on Island. (see here)
f-droid references this page where it says:

DISCLAIMER

This beta version may be dangerous on some Android devices, it may cause boot-loop and even brick your device.

As for shelter …

After the first start of the app, Shelter displays a warning. The developer warns against using devices on which Shelter can crash or make it completely unusable.

(from here, in German though).

Therefore I was looking for some first-hand information from users.

Thanks again and many greetings from Rosika :slightly_smiling_face:

Hi @m999 , :wave:

thank you for this information and for providing the link.

I didn´t know that.
My Android version is android 14.

Well, I´ll take a good look at what they have to say.

Thanks again and many greetings from Rosika :slightly_smiling_face:

Am maintainer of Firejail: these are not the same

Please understand all apps on Android are already sandboxed. If you want to be able to grant less-trustworthy apps permissions that they demand such as contacts or files access then install them in a work profile (eg. Shelter). This would let them access any saved contacts or files in the work profile but not of your true main user. So be sure to not actually store any sensitive information in the work profile!

We can only say “it works for me”, is that enough?

Insular was ok for me on Android 11, 12, 13 and 14, on devices from Google, Sony, Xiaomi.

Should work fine on Samsung too, imho, unless Samsung made any grave mistakes.

But software can and has bugs. Hence the warning.

Since when?

@rafnov
primarily since Android 4.2 which added SELinux support, more so in Android 8.0 which made use of seccomp for syscall restrictions, and more and more in each version

1 Like

I’m using Shelter on my LineageOS phone to duplicate some apps (for work, mostly). So far I didn’t have any problems.

Hi again, :wave:

thanks to all of you for your latest comments. :heart:

@SkewedZeppelin :

Thanks. So you and @m999 confirmed that this is the case. That´s reassuring.

I see. That´s good to know. Thanks a lot.

@Licaon_Kter :

That´s alright. I´m glad to get any reports from first hand experience.
Thank you very much.
I guess I´d have to try out either of the three apps to see if it works on my system.
But from what I´ve heard so far there shouldn´t be any problems.

@bene64 :

Thanks for sharing your experience.
I think I´ll go for shelter. It was my first choice anyway.

Thanks to @rafnov as well.
Good question. The answer @SkewedZeppelin provided was quite interesting.

Many greetings to all of you from Rosika :slightly_smiling_face:

When an app is installed in shelter then does the app installed knows the imei number, the google account logged in the main profile etc.? I mean how easy is it for the app to know about the main profile user?

@bond007 on stock it may be able to see google account if signed in, but imei or other identifiers it cannot be seen

1 Like

Thank you. but imei or other identifiers it cannot be seen>>>> Then what exactly does the app see or identify that this device is say a nokia 1000? I mean if you install some apps, especially banking apps and use account 1 in them. Then somehow it binds that account 1 with that phone. Now even if you later format the phone or remove all the google accounts and then try to register on that app using account 2, then it will tell you that this device was registered with account 1. Please visit the bank branch and give authorization letter to shift it to account 2. What does the app know here about the device?

device name is a separate property

So, it tracks only using device name? Device name can be changed, right? @Licaon_Kter

@Licaon_Kter Please clear this doubt

I can’t know what some random proprietary apps does or does not

1 Like

No no that is not my question. My question is when an app is installed in a phone, what does that app know about the phone or about other apps installed in that phone? @SkewedZeppelin has mentioned that they might be able to see the google account and not the imei number or the other identifies. All clear till here.

Now if you use some apps, especially banking apps, and log in using account 1 and later if you try to login using account 2 then they display a message that this device was logged in using account 1. If you want to use account 2 in this device then write a letter to your bank. You mentioned about deive name. So, my question is did this banking app identify the device using device name? If yes then can that be changed?