[Feature Request] Allow owner profile to install any app on device on any other profile

GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.

https://grapheneos.org/

364 stars 21 forks source link

[Feature Request] Allow owner profile to install any app on device on any other profile #4034

Open nikongod opened 2 months ago

nikongod commented 2 months ago

Hello

I would like to be able to have the owner profile install any app installed on the phone into any other profile.

At present the owner profile can only install apps that are installed in the owner profile its self. This is not intuitive to me since the owner can see every app installed on the phone.

This would simplify installing the same app on multiple profiles WITHOUT using the owner - at present its pretty cumbersome.

thestinger commented 2 months ago

It works this way for security reasons since the secondary profiles may be used by actually different people or with a different security approach and we can't assume it's safe to treat the APKs installed only in a secondary profile as installed by Owner.

thestinger commented 2 months ago

We temporarily did what you're proposing and had to revert it. If we did it again, we'd have to do something to avoid a security issue by marking which user(s) it's installed in and grouping it separately.