I´m looking for a good sandboxingapp/isolationapp for my smartphone.
Running Linux Lite on my computer I´m accustomed to running many processes in a sandbox (firejail).
Basically I´m looking for something similar for my phone.
I am a bit reluctant to try out either of them because my research showed some information saying it might be dangerous to install Insular.
And Insular is based on Island. (see here) f-droid references this page where it says:
DISCLAIMER
This beta version may be dangerous on some Android devices, it may cause boot-loop and even brick your device.
As for shelter …
After the first start of the app, Shelter displays a warning. The developer warns against using devices on which Shelter can crash or make it completely unusable.
Please understand all apps on Android are already sandboxed. If you want to be able to grant less-trustworthy apps permissions that they demand such as contacts or files access then install them in a work profile (eg. Shelter). This would let them access any saved contacts or files in the work profile but not of your true main user. So be sure to not actually store any sensitive information in the work profile!
@rafnov
primarily since Android 4.2 which added SELinux support, more so in Android 8.0 which made use of seccomp for syscall restrictions, and more and more in each version
That´s alright. I´m glad to get any reports from first hand experience.
Thank you very much.
I guess I´d have to try out either of the three apps to see if it works on my system.
But from what I´ve heard so far there shouldn´t be any problems.
When an app is installed in shelter then does the app installed knows the imei number, the google account logged in the main profile etc.? I mean how easy is it for the app to know about the main profile user?
Thank you. but imei or other identifiers it cannot be seen>>>> Then what exactly does the app see or identify that this device is say a nokia 1000? I mean if you install some apps, especially banking apps and use account 1 in them. Then somehow it binds that account 1 with that phone. Now even if you later format the phone or remove all the google accounts and then try to register on that app using account 2, then it will tell you that this device was registered with account 1. Please visit the bank branch and give authorization letter to shift it to account 2. What does the app know here about the device?
No no that is not my question. My question is when an app is installed in a phone, what does that app know about the phone or about other apps installed in that phone? @SkewedZeppelin has mentioned that they might be able to see the google account and not the imei number or the other identifies. All clear till here.
Now if you use some apps, especially banking apps, and log in using account 1 and later if you try to login using account 2 then they display a message that this device was logged in using account 1. If you want to use account 2 in this device then write a letter to your bank. You mentioned about deive name. So, my question is did this banking app identify the device using device name? If yes then can that be changed?
Unless, the phone OS hides it, it will be able to see IMEI number from how I understand it. Also, if I understand it correctly, apps can see other apps installed but only with a given profile so a work profile app can only see other things in the work profile. It can’t see main profile. Phones support multiple “accounts” essentially and those are isolated from each other. Every “account” can have one main profile and one work profile. Apps can only see other apps within its profile.
Also, Island has worked fine for me on several android versions on phones like Motorola, LG and Google. It works on LineageOS and GrapheneOS.
