time moves forward, now the challenge of giving a phone to my youngsters also reached me. Thinking about options, it would be nice to avoid giving out a vanilla smartphone and instead stick to the same privacy ideas that brought me here, ideally giving them e.OS as well.
While I am not quite sure yet how to approach that in general, I am leaning more towards locking the phones for starting out and let them get accustomed with using it and concepts first. The two key things I would like to do is web filtering for keeping the dark side of the internet out, and app restrictions, not allowing apps installs.
Would you have a recommendation to get a somewhat decent web content filtering on an e.OS phone? Ideally it would work while on mobile data as well (while off any wlans), and be local-only, not involve a vendor cloud.
Secondly, is it possible to restrict app installs on e.OS somehow, ideally in a lightweight fashion again?
Looking foward for suggestions and thanks for the help.
A short update for those who want to follow this path:
This works very nice. It is actually possible to add a restricted user to a current e.OS v1.1 and let the phone work in a kiosk-like mode. User restrictions are also flexible (install apps, change accounts, …) and can be adapted on the fly. Apps can be made available and customized per user. Even some fancy things like root firewalling (dev.ukanth.ufirewall) and su through Magisk work. For the latter I have not yet looked deeper if SafetyNet compliance is achievable for the apps of non-Owner user. Magisk has an option for multiuser setups, still need to look further at that.
The user environments stay intact over android upgrades.
The only thing to keep in mind and to take care of is that sms db and call log are shared across the users. So a resync between qksms and mmssms.db presents the other user the messages of the owner. A clear of the TelephonyProvider beforehand it advised.
All in all I would say this is absolutely great and a valid path for anyone who enjoys adb’ing a lot.
This looks very interesting. I’m trying to follow what you have done here on my own test device. I’m quite unfamiliar with both the firewall and Magisk so I feel already in over my head. But I am curious, how are you planning on doing internet filtering?