Share data between GrapheneOS User Profiles using local-only Syncthing
Intro
User profiles in GrapheneOS (and other Android ROMs) are a useful mechanism for compartmentalising different use cases of a phone into isolated areas, but this isolation can make it difficult to move files between profiles when needed.
This post will show a relatively easy way to share files between profiles.
Motivation
Even heavy FOSS advocates sometimes need the convenience of their Banking apps, Travel/Airline apps and other occassionally used apps. However you may not want to install these closed source or privacy invasive apps alongside the rest of your user data and other applications.
One of the pain points of using separate user profiles in Android is how difficult it can be to share data between the isolated profiles. You may want to copy a username/profile from your password manager in your Main profile to a Travel profile, or copy a verification URL, photos/pictures, plane ticket PDF, etc.
Outline
- Install Syncthing on Main/Admin profile and other Profile
- (Admin Profile) Configure Server-side settings
- (Other Profile) Configure Client-side settings
- (Admin Profile) Accept/allow device from Other Profile
Full Steps
Installing Syncthing
Syncthing can be installed via Fdroid.
If you already use Syncthing for other usecases, you can install one of the Syncthing forks such as
Syncthing Fork
.
In GrapheneOS, you can install apps from you Admin profile into User Profiles via user settings in (Settings -> System -> Multiple users -> <select user profile> -> Install available apps -> toggle Syncthing)
.
Configure on Admin Profile
Once you have installed Syncthing on your Admin Profile, open it and go to Settings.
Under Syncthing Options
:
- Change
Device Name
->Admin
- Change
Sync Protocol Listen Address
to something liketcp://127.0.0.1:23001
- Disable the following checked options:
Enable NAT Traversal
,Local Discovery
,Global Discovery
,Enable Relaying
since we will only be using Syncthing locally, on-device
Before starting to configure your other/client profile, note down the Device ID
of your Admin Profile
, you will need this later.
Since this ID is long, a quick easy method to share it is to take a screenshot, and use a secure Messenger or your own secure file server to share this to another local device/computer, so that you can simply scan the QR code later.
Configure on Other Profile
Make sure you have installed Syncthing on the Other
profile (see Installing Syncthing).
First Dialogue
- Continue
- Storage Permission: Allow storage. I prefer to only allow specific storage access via
Storage Scopes
. I create a new folder calledMultiProfile
which I allowed Syncthing access to. - Location Permission: I prefer not to enable this, although you can enable this to have Syncthing only try and sync when connected to certain WiFi networks, if you prefer.
- Notification Permission: to show when Syncthing is running + requests for initial folder sharing, I prefer to enable although it might be possible to disable this.
Initial Setup
Syncthing auto-configures a share on your DCIM / Camera folder, although if you setup Storage Scopes like I recommended above, this will show a red error. I always just delete this.
Open Settings, in Syncthing Options
:
- Change
Device Name
->Other Profile
- Change
Sync Protocol Listen Address
-> whatever you chose above when setting up the same option in theAdmin Profile
- Disable the following checked options:
Enable NAT Traversal
,Local Discovery
,Global Discovery
,Enable Relaying
since we will only be using Syncthing locally, on-device
Adding the device
On the main screen on Syncthing
, go to the Devices
tab and press + Add Device
, fill in:
- Device ID as the
Admin Profile
’s ID we saved earlier (or scan via QR Code) - Enter the name
Admin
- Change the
dynamic
(link) field to your admin endpoint from earlier (tcp://127.0.0.1:23001
)
Accept on Admin Profile
Go back to the Admin Profile and you should see a request from your Other Profile
to add as a device.
To share folders, you should add a folder on your Admin device:
Whenever you add a new device/profile, you will need to enable it to have access to a shared folder.
This property of Syncthing can allow you to setup your shared profiles in a different way, where you only share a specific sub-folder with each profile, so that only the only way to share data between profiles is
Admin
<->Other
profiles and not allow shared folders betweenOther1
<->Other2
.
Once you accept, you should be able to seamlessly transfer files between these two profiles.
More Profiles
You can repeat the previous 2 steps for more profiles, to allow all profiles to have a shared folder.
You could create a different shared folder for each Admin/Other profile combo, if you want.
Conclusion and Alternatives
This is a relatively easy way to set up a seamless shared folder experience between different Android User Profiles.
However, you may not want to set up an always on service, or only selectively share certain files.
So here are some alternatives.
USB Stick
This is the simplest approach possible, and was my preferred method before discovering the local Syncthing method.
Simply carry around a USB C Memory Stick, and copy files on/off the USB Stick to move files between the profiles.
This is a bit clunky but highly effective, and requires 0 extra setup.
SFTP Server
This is very similar to the Syncthing steps, but instead of Syncthing, set up an SFTP Server on the Admin Profile.
You set up an SFTP server on the Admin Profile and connect to the server file from User profiles to selectively copy files over. This is a more involved set-up, and has the disadvantage of requiring each file to be individually copied over when required, whereas with Syncthing, the files will just automatically sync between user profiles as long as the file is placed in the shared folder.
There are a couple of File Manager apps (such as Material Files
) which include an FTP Server, this can be a quick-and-easy method to have both a client and server within 1 app.