What is and isn't the Private Space good for?

In the Settings app on iodeOS on your Brax3, under “Security & privacy” there is an option called “Private Space”. This Private Space says it’s to keep private apps locked and hidden. On the setup page it claims that you can “Hide and lock private apps in a separate space. Use a dedicated Google Account for extra security.” Also there’s a proviso that “Apps stop when you lock your space.”

In my mind this brings up a few questions. Aside from putting banking and financial apps in the private space for extra security, what about using apps that require a Google account log in? To add context to that question, it is common knowledge in privacy circles that if you don’t want Google to track you, then you shouldn’t install and log into any apps that require a Google log in. Otherwise, as Rob puts it, “You’re Zucked.” They can track you. However, this private space feature specifically mentions logging into a Google account, and that apps are stopped and won’t run in the background when you lock your space. Does this mean that apps with trackers will track you when the private space is open, but then stop tracking you when you lock the private space, or is that false?

Does the private space allow us to use, for example, streaming apps that definitely track you, or Canva, or the Amazon shopping app, but shut down the tracking when you’re done, OR does private space offer a false sense of security where that is concerned? Are you still opening yourself up to being spied on by installing big tech apps to private space, or is there nuance to the use of private space where the spying is restricted to while it is open?

Speaking of Canva, do photos saved to private space stay on private space and become un-viewable when it’s locked? Or are photos still saved to the general memory, can be accessed in and out of private space, and can be used for making a photo album in Canva?

The private space works similarly to creating a different profile, if you’re familiar with it.

Basically this allows you to create a different isolated environment, where you can install apps. It allows you to:

• limit access of apps from your main environment to data in the private space and vice versa.
• allows you to add an additional authentication required to access your private space;
• allows you to use multiple accounts of the same app;
• also allows you to “hide” notifications from apps installed in the private space, and access those once you access the private space.

If you can benefit from any of the above, using private space is a decent way to achieve your objective.

The message that it’s more secure if you log in to your google account, is a message coming from AOSP. I wouldn’t follow that advice.

Can Private Space be used with a sandbox app like a Profile? Or is it defined differently so not compatible? e.g. Can Shelter run in the Private Space?

Edit: Reason I ask is I also understand that in theory you can use more than 2 profiles in iodéOS, but I saw references (from last last year) that there is a bug with doing that (or there was, at least, back then). So also wondering if that is correct - that you can do more than 2 profiles, but if so are there any known issues with that? And hence why I’m interested in private space (as ideally I want 3 ‘profiles’ minimum on my device).

So I had a play with private space… When I tried to set it up and chose to use a unique pin it asked me to enter it but there was no save / next / enter option - so I had to close the settings app. Howevee it srill setup private space defaukting to my existing screen lock pin.

It cloned about 20 or so default apps ‘by default’ but you couldn’t remove or disable any you didn’t want! Thanks private space for adding 20 unnecessary apps…

I installed an app inside private space and that seemed to go okay, and the cloned iodé app seemed to work as expected for customised blocking band such.

And seemed to be able to adjust permission controls in settings…

So I have been playing around with this a bit more - and seems to work okay. You can easily set permissions from your main settings app, and the cloned iodé app inside private space seems to work fine also.

You get a poor mans version of Shelter because effectively (at least according to documentation) when you lock private space (and presumably all apps are closed) everything is effectively ‘frozen’ inside the private profile until you unlock it.

So the only thing I’m unclear on is can the apps inside private space see each other and/or each others data? My understanding is Shelter (in the Work Profile) prevents this, at least to some degree but not 100% sure. I’m assuming in Private Space this isn’t the case…

In my use case I’m currently testing with a banking app (although I’m undecided if I will keep the banking app on my phone. But my actual intention for a use case is the reverse of private space’s designed purpose - I want to put all the undesirable apps in there I don’t really want on board but need to, such as: Daiken Heat Pump Controller, Tesla Solar Power Controller, Irrigation System Controller, etc… and use it to keep them isolated from my main personal apps and unable to access anything useful on the device, while locking down their permissions and as much access on everything as possible in settings & iodé firewall app.

I’m thinking using it this way and not having it to use ‘as intended’ to secure any key apps (like banking, password manager, etc) is the lesser of the evils - given privacy is more a priority that the physical security aspect?

BUT I am wondering if instead I should put my work apps in there (as it’s only 2 apps - MS Outlook & Teams - and instead I use the Work Profile (with Shelter) to put all the undesirable apps in - as then I can control them individually and they are more locked down. As the work apps are both Microsloppy it doesn’t matter which one is active, they are still going to try and call home with lots of telemetry…

Also I’ve been using these 2 articles initially as primary source of info on how to use Private Space and what it does:

(you can ignore all the "works best with a Google Account stuff in the above.)

EDIT: And this is the other article I used to get familiar with private space:

UPDATE: Additional Question:

So I have repurposed Private Space to use as a work profile (so I can use Work Profile with Shelter for my several undesirable personal spps) - as I only have 2 apps for work and both are Microsoft.

So the one thing I’m trying to figure out is if I can actually share the contacts (from MS Outlook) one way to my Contacts, Messages and/or Phone app (they are only needed for SMS and calls in/out). Can’t seem to see any option for cross profile share unlike the Work Profile? Anyone know if it is actually possible?

…and if it is can you do so safely (from perspective of preventing sending any contact data or similar back to the apps in Private Space - in my case my work apps)?