• 1. Overview
• 2. Technical Mechanics (and Limits)
• 3. Practical Features
• 4. Meaningful Use Cases
• 5. Who is it for?
• 6. Pros and Cons
• 7. GrapheneOS: What makes sense?
• 8. Setup Guide
• 9. Risks & Typical Pitfalls
• 10. Conclusion
• 11. Best Practices Checklist

Isolation is the first step toward digital self-defense.

by Alien Investor

────────────────

“Don’t trust, verify.”

If you take your privacy on your smartphone seriously, you cannot avoid the isolation of apps. Your smartphone is often an open book for data harvesters—it is time to close the cage door.

────────────────

§1. Overview

Shelter is a free open-source app that uses Android’s “Work Profile” function to create a second, isolated app environment on the same user profile. You can install apps into this Work Profile or “clone” them from the main profile.

Typical purpose: Move tracking-heavy apps, secondary accounts, or apps with unnecessary permission requests into a separate environment.

§2. Technical Mechanics (and Limits)

Shelter manages a Work Profile (also called a “Managed Profile”). This is a native Android system function; Shelter is merely the convenient interface for it. Apps in the Work Profile run in a separate profile storage area and are separated from apps in the personal area.

Important: Android apps are already sandboxed by default. The Work Profile provides an additional layer of separation for data spaces (contacts/files/accounts).

Limit: The Work Profile is not the same as a completely separate Android User Profile. On GrapheneOS, it is often emphasized that User Profiles offer “stronger” separation because they function without an additional management app.

§3. Practical Features

• Manage Work Profile: Easily switch the entire environment on/off.

• Clone Apps: Duplicate an app for separate logins and data.

• Freeze Apps: Put apps to “sleep” to stop background activity.

• Auto-Freeze: Automatically reduces tracking/battery consumption when the screen is off.

• File Shuttle: Move files between the personal and work profiles.

• Data Separation: Separate containers for logins and local data.

§4. Meaningful Use Cases

• Isolate WhatsApp: Prevent it from scraping your private contacts or files.

• Social Media (X/TikTok/Insta): Only in the Work Profile, which remains off when not in use.

• Secondary Accounts: Two Telegram accounts or email logins via cloning.

• Separate Banking: Strict separation of everyday and financial apps.

• Google Play Services (GrapheneOS): Bundle Google-dependent apps specifically in the work container.

• “Big Brother Apps”: Cage apps with aggressive tracking.

§5. Who is it for?

• Suitable for: People who need problematic apps but want to keep their private space clean; users of secondary accounts; GrapheneOS users for Google isolation.

• Not suitable for: Users who want the maximum possible isolation (check User Profiles here) or people who need several independent containers in parallel.

§6. Pros and Cons

• Pros: Practical separation without switching users; “Kill Switch” for apps; secondary instances without complex workarounds.

• Cons: Shelter requires an Admin role in the work context; User Profiles are often “cleaner”; data within the Work Profile remains accessible to apps located in that same profile.

§7. GrapheneOS: What makes sense?

The GrapheneOS community often recommends: User Profiles > Work Profile for maximum separation. However, Shelter is a “comfort solution” for apps that need to provide notifications constantly without the friction of switching the entire user profile. Many users specifically put Sandboxed Google Play into Shelter.

§8. Setup Guide

1. Install Shelter via F-Droid.

2. Create the Work Profile within the app.

3. Clone or reinstall apps in the Work Profile.

4. Minimize permissions (keep contacts in the Work Profile empty).

5. Use Freeze for apps that don’t need to run 24/7.

6. Create a shortcut for quick toggling of the Work Profile.

§9. Risks & Typical Pitfalls

Shelter is not an invisibility cloak. Tracking within the Work Profile remains tracking. Since Shelter requires Admin rights, the app must come from a trustworthy source. When uninstalling, always remove the profile through the app first to avoid system remnants.

§10. Conclusion

Shelter is a practical tool for caging apps. It offers separate data and a quick off-switch. For GrapheneOS, it is a convenience solution; for maximum isolation, the User Profile remains the gold standard.

§11. Best Practices Checklist

• Only move “apps to be separated” into the Work Profile.

• Keep contacts in the Work Profile empty.

• Turn the Work Profile OFF when not needed.

• Use Freeze.

• Use File Shuttle sparingly.

• Bundle Google apps.

────────────────

§Further Research & Resources

• Shelter on F-Droid

  https://f-droid.org/de/packages/net.typeblog.shelter/

• White Noise: Beyond Signal & The Future of Nostr

  https://primal.net/Alien-Investor/white-noise-messenger-beyond-signal

────────────────

Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org 👽 (German Only)