← All Guides

Multiple Profiles & Compartmentalisation

GrapheneOS supports multiple user profiles — isolated environments that act like separate devices. This guide explains how to use them effectively for privacy and security.

What Are User Profiles?

Each user profile on GrapheneOS is a fully isolated environment. Apps in one profile cannot see, access, or communicate with apps in another profile. This is enforced at the OS level — it is not a software overlay.

Think of each profile as a separate phone inside your phone.

Default Profile Structure

Your Privacy Devices phone ships with profiles pre-configured:

  • Owner (Primary) — Your main profile for everyday use. Secure messaging, VPN, and core apps live here.
  • Work Profile — For apps that require Google Play Services (banking, MyGov, ride-sharing). Sandboxed Google Play is installed here only.
  • Secure Comms — A dedicated profile for encrypted communication. Threema, Signal, and other messaging tools isolated from everything else.

Creating Additional Profiles

Go to Settings > System > Multiple users to create new profiles. Each profile:

  • Has its own app installations and data
  • Has its own encryption key (separate from the Owner profile)
  • Can have its own screen lock PIN/password
  • Is invisible to other profiles — apps cannot detect their existence

Switching Between Profiles

Swipe down from the top of the screen and tap the user icon to switch profiles. Each switch requires the target profile's screen lock — there is no bypass.

When a profile is not active, its data is encrypted at rest. Even if the device is powered on, inactive profiles are cryptographically locked.

Use Cases

  • Travel profile — A clean profile with minimal data for border crossings. No messaging history, no photos, no documents.
  • Financial profile — Banking and payment apps isolated from communication tools
  • Guest profile — A profile you can hand to someone without exposing any personal data
  • Decoy profile — A profile that appears to be the primary user but contains nothing sensitive (part of Phantom Protocol)

Best Practices

  • Keep your most sensitive data in a non-Owner profile — the Owner profile is the first one visible after boot
  • Use different PINs for different profiles
  • Install only what is needed in each profile — fewer apps means less attack surface
  • Regularly review which profiles are active and what data they contain

Need help configuring profiles? Contact support — we can set up custom profile structures for your specific threat model.

Browse secure devices | All guides