Feature request for improving app privacy by isolating apps
Summary
Hi, I would like to propose a new feature that improves users' privacy by isolating apps so they cannot access other apps' usage data and stored information.
Description
Android has had a built-in mechanism for this since Android 10: Work profiles. A work profile is a separate profile, or container, for apps that cannot access the main profile and that has its own compartment for storing and accessing data. Using this built-in feature, apps such as Island (still in development) can create isolated installations of apps. The problem is that it does not work well, and the isolated apps cannot be managed in a convenient way.
If /e/OS implemented this with better controls and management, it could become a great feature that makes /e/OS stand apart and more private.
So why is this important?
Some users need to use apps such as Facebook for business. There are tons of other apps that are privacy invasive yet we are forced to use for business or other reasons. Isolation would let users run such apps without the apps recording their usage data. Because each container holds a single app with no data in it except the app's own, the app cannot record usage data, collect contact info or access other kinds of data.
Examples
- User has to use an app for a business task
- That app is privacy invasive and won't run until all the permissions are granted
- The user is forced to give away data in return for an important use case
- /e/OS offers a workaround: an isolated installation
- User installs the app from the App Store with the "Prevent this app from accessing your data" option checked
- When installing from an APK file, /e/OS also prompts whether the user wants to use the "Prevent this app from accessing your data" option
- If the app is already installed, there is an option to move it into an isolated container
- User now installs the app in isolated mode and can use it without fear of the app collecting sensitive data
- User is now happy
Resources and technical points
Android started rolling out Work profiles in version 5.0 (API level 22), but they came with more polish and improvements in Android 9+. So the majority of devices have work profiles built in, and these can be used as the base for a management tool built on top of them. See the Android documentation on work profiles. There is also a YouTube video explaining ways to build apps for work profiles.
The main intention of Work profiles is to ensure the safety of enterprise data such as organization-controlled apps and confidential data. But they can be used not only for the enterprise use case but also for protecting users' privacy in general. There are apps that use them to provide isolated app installation for privacy protection. They can also be used for cloning apps, as Parallel and similar apps do.
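As an added illustration of how an app builds on this mechanism (this is example code written for this request, not code from /e/OS, Island or the Android documentation), the sketch below provisions a managed (work) profile through DevicePolicyManager and, once provisioning completes, turns off the cross-profile data paths before enabling the profile. The framework APIs are real; the package, class and profile names are hypothetical, and the app is assumed to declare IsolationAdminReceiver in its manifest as a device admin (android.permission.BIND_DEVICE_ADMIN with an android.app.device_admin meta-data resource).

```java
// Hypothetical package; the framework classes below are the real Android APIs.
package org.example.isolation;

import android.app.Activity;
import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.os.UserManager;
import android.widget.Toast;

public class ProvisionActivity extends Activity {
    private static final int REQUEST_PROVISION = 1;

    // Starts the system-provided provisioning flow for a new managed profile.
    public void startIsolatedProfile() {
        DevicePolicyManager dpm =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);

        // Bail out early if this device or user cannot host a managed profile
        // (e.g. a secondary user, or a device admin policy that forbids it).
        if (!dpm.isProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE)) {
            Toast.makeText(this, "Managed profiles are not available here",
                    Toast.LENGTH_LONG).show();
            return;
        }

        Intent intent = new Intent(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE);
        // The receiver named here becomes the profile owner of the new profile.
        intent.putExtra(DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME,
                new ComponentName(this, IsolationAdminReceiver.class));
        startActivityForResult(intent, REQUEST_PROVISION);
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode == REQUEST_PROVISION && resultCode != RESULT_OK) {
            // The user cancelled or the system refused; no profile was created.
            Toast.makeText(this, "Isolated profile was not created",
                    Toast.LENGTH_LONG).show();
        }
    }

    // Profile owner. The system calls onProfileProvisioningComplete inside the
    // new profile once it exists, before the profile is visible to the user.
    public static class IsolationAdminReceiver extends DeviceAdminReceiver {
        @Override
        public void onProfileProvisioningComplete(Context context, Intent intent) {
            DevicePolicyManager dpm = getManager(context);
            ComponentName admin = getWho(context);

            dpm.setProfileName(admin, "Isolated apps"); // hypothetical label

            // Close the data paths that would otherwise let apps in the profile
            // reach parent-profile data: clipboard, share sheet, caller ID and
            // contact search across the profile boundary.
            dpm.addUserRestriction(admin, UserManager.DISALLOW_CROSS_PROFILE_COPY_PASTE);
            dpm.addUserRestriction(admin, UserManager.DISALLOW_SHARE_INTO_MANAGED_PROFILE);
            dpm.setCrossProfileCallerIdDisabled(admin, true);
            dpm.setCrossProfileContactsSearchDisabled(admin, true);

            // Only now make the profile usable; apps installed into it later get
            // their own app data, accounts and contacts, separate from the parent.
            dpm.setProfileEnabled(admin);
        }
    }
}
```

The restrictions are applied before setProfileEnabled so that no app in the profile runs while a cross-profile channel is still open; an /e/OS implementation of the "Prevent this app from accessing your data" option would then install the chosen package into this profile rather than the main one.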
I recently stumbled upon a nice read, which I will link here. There is another app that is similar to this but with a different set of features, which you can check here.
Reflection
I will soon add a mockup or a wireframe of an example.