Hi,
I’ve just installed /e/OS S 1.7 and I’m really into the Advanced Privacy app.
However, I’ve had to install Shelter to use work-related apps like Teams and MS365 accounts. Now, When turning on the Advanced Privacy tracker blocker, the Microsoft apps inside shelter obviously won’t work anymore.
So inside Shelter, I cloned the Advanced Privacy app to configure stuff inside the work profile, which unfortunately doesn’t seem to work since AP doesn’t even recognize the apps that need to be turned off for tracker blocking.
Does anyone have any experience with using AP combined with Shelter / work profiles?
If you read the gitlab issue on what jacquarg is commenting you’ll get an idea of what the current limitation is… it seems the use-case of “whitelisting a tracker for an app in a work-profile” isn’t accounted for yet
Trackers control: the first Advanced Privacy instance to start is the one which take the control around tracker detection and blocker. It should be the one from Main profile.
I’ve been using Shelter on my FP4 for about a month, during which I received the 1.12.3 update. I use it to isolate and freeze a small number of government and state broadcaster apps from the App Lounge because they have lots of background trackers. I’ve learnt a few things:
Recent builds’ Shelter behaviour, general hints
Advanced Privacy (AP) is one of the system apps that are cloned to the Work profile when it’s created
Right now (1.12.3), the limitations of Advanced Privacy linked to by tcecyk above mean that it’s best to leave AP as [Frozen] in the Work profile:
“the first Advanced Privacy instance to start is the one which take the control around tracker detection and blocker”
if AP is kept as [Frozen], this ensures it doesn’t start at device reboot
Work profile APs currently have confusing and contradictory behaviour for Fake Location and Hide My IP (see the link). I never really want Fake Location, and the apps I keep in my Work profile mostly require real IP to work, so freezing the Work profile’s AP work well for me.
I could just delete the Work profile’s Advanced Privacy instead, but it’s possible that its behaviour could improve in a future revision. It serves as a reminder in its current state
Shelter in 1.12.3, procedure to follow at reboot
The new build’s Advanced Privacy can distinguish between Work profile and Personal profile apps. It displays a little briefcase icon in blue next to the work profile apps, like the rest of the AOSP OS. However there are a couple of oddities:
Bliss Launcher is still very slow to update when an app is un-frozen, and this is confusing.
During a session, it’s rare for an unfrozen app’s own icon to appear.
They rarely disappear by themselves after an app is frozen, but if you tap one after an app has been frozen, Bliss Launcher will update (crash and restart?) and after that, the icons of recently frozen apps
I would really like Bliss to have a refresh button.
Bliss doesn’t display the little briefcase marker (see screenshot)
So the Personal profile’s Advanced Privacy can record tracker attempts for apps in the Work profile now! That’s great. However it still seemingly loses track of an app if the app is [Frozen] just before the device restarts. I guess it’s building its little app-tracking database at startup. If you follow the procedure below, however, the Personal profile’s AP can visibly track the autofreeze apps after device restart:
Ensure you have a Batch-Freeze shortcut in your launcher. This shortcut freezes all apps on Shelter’s Auto-Freeze list. It looks like a green circle with 3 "Z"s in it, inside the white border you get for shortcuts in Bliss. To create this shortcut, launch Shelter and:
Tap the “3 dots” icon in the top right of the screen
Choose Create Batch Freeze Shortcut
Your launcher will now have a batch-freeze shortcut labelled Freeze
Each time before you restart the phone, launch Shelter and Unfreeze each app you want AP to know about. In my case, that’s BBC Sounds, BBC iPlayer, and the NHS App.
Tap each app’s row in the Shelter tab, and choose Unfreeze from the menu that appears.
You don’t need to launch the app. However, its background
Immediately restart the device
Hold down the power button
Tap Restart
After the device restarts, start AP and confirm that the Work profile apps from Shelter’s auto-freeze list are visible. See the screenshot: they will have little blue suitcases/briefcase icons next to them
Some apps will have tried to contact their tracking services at reboot (nosy. BBC Sounds is bad for this)
You’ll see those attempted pings listed in AP at this point.
Finally, tap the batch-Freeze icon in the launcher.
You may see the native, non-shortcut launcher for the Work app in the Bliss launcher still, at this point.
After all the apps have frozen, tap one of their native launchers (no briefcase…). Bliss will restart, as noted above, and the icons will be hidden normally, as you’d expect for a Frozen app.
You will need to restart the phone following this procedure after installation of any new app, because this AP seemingly never updates itself except at device restart.
General management of apps in Shelter
Just a few general things I do with Shelter to make things a little more private, click to unfold
“Work” means “nosy”. I keep my work life on my laptop, not on a personal phone.
I keep apps with any trackers set to Auto Freeze in a Shelter profile unless they have significant protection themselves (e.g. like Mull with uBlock0)
I delete the nosy apps from my Personal profile, and copy App Lounge over from my Personal profile to Work to keep the nosy apps updated inside the Work Profile.
It’s a good idea to create "Unfreeze and/or Launch Shortcut"s for each app, since the native icons are not always visible.
I use Skip Foreground Apps, since a couple of those overly nosy apps are media players.
I tried to put all the “native” launchers into a Shelterized group folder thingy, to reduce clutter on that screen. However, when they get recreated, they’re just dumped on whichever screen they used to be on, but not in the group folder thingy. That seems to be a limitation of Bliss Launcher.
Screenshots
Before and after screenshots, click to unfold
I’m a new user, so I’m only allowed a single media item. So here’s a combined screenshot, description underneath
The first “before reboot” screenshot shows the Shelter tab of the Shelter app. Apps in the Auto-Freeze list are shown at the bottom with a slightly confusing blue background that’s the same as the tabs’ background. The ones that are currently frozen have [Frozen] in front of the app’s name. Currently Advanced Privacy is frozen, and that’s what I’m recommending. So are the “BBC iPlayer”, “BBC Sounds”, and “NHS App” apps.
The two “after reboot” screenshots show what you’ll see if you’re following the procedure outlined above. Things to note:
the Freeze shortcut, which you use to re-freeze apps after restart
Bliss Launcher doesn’t show the little briefcase/suitcase icon next to the native icon pf an app in the Work profile
The native launchers for Sounds, iPlayer, and NHS appear under their “Unfreeze and/or Launch” shortcuts, due to a bug/limitation of Bliss Launcher. They should go where I out them last, in Shelterized, but…
After reboot, all apps in the Work Profile (including the normally Frozen ones) are visible in the Personal profile’s Advanced Privacy. Yay!
You don’t need to perform the fiddly 1.12 reboot procedure any more, thank goodness. However, apps that are Frozen in the Work profile don’t show in Advanced Privacy until that are un-Frozen. At this point, Advanced Privacy will show them, and it will display their attempted and thwarted tracks and leaks, but it doesn’t show an icon for them (much change! ). I guess the story is now that it rebuilds its database after a new app is installed/unfrozen (good!), but doesn’t keep a history of its details after it’s been uninstalled/unfrozen (mix of bad and good…)
AP still counts attempted and thwarted tracks & leaks from those normally-Frozen Work profile apps on its bar graph timeline regardless. It does seem to maintain a proper history there.
in blue next to the work profile apps, like the rest of the AOSP OS. However there are a couple of oddities:
). I guess the story is now that it rebuilds its database after a new app is installed/unfrozen (good!), but doesn’t keep a history of its details after it’s been uninstalled/unfrozen (mix of bad and good…)