How To Sandbox Android Apps For Ultimate Data Privacy
Android already runs all the apps in a sandbox environment. However, the apps can still ask permissions to access different areas of the phone, including areas where your personal data resides – such as contacts, call logs, and storage, etc. If you really need to use an app but don’t want to share your personal data with it, then you must properly isolate it.
In today’s post, I’ll show you how to sandbox apps in Android to fully isolate them and protect your personal data.
Use an Android sandbox app to isolate apps
To sandbox apps on Android, you’ll need a third-party sandbox app. Honestly, I only know a single app for this purpose and that is Island. It’s a multi-purpose cloning app that is usually used for using multiple app accounts on the same device (like two facebook accounts). However, it can also be used to isolate apps and give them permissions to access cloned apps with no data or even fake data.
Island is an unreleased app and still in its beta stage. However, I am using the app for a few months now and I haven’t noticed any glitches or instability. Although you should backup your device data before installing an unreleased app like Island.
How does Island sandbox app work?
Before you learn how to use the app to sandbox apps, it’s important to know how Island works and what are its limitations. Island takes advantage of Android’s Managed profiles feature to create a cloned version of an app and isolates it (with no data inside). By default, it automatically clones your contacts, call logs, Google Play store, system apps, and file manager app where all your personal data resides. And the isolated apps are only capable of accessing data that is available in other isolated apps.
Although Island can help protect your personal information inside other phone apps, but it can’t protect your information connected to device hardware. For example, you can’t use it protect your location from an app (better stick with spoofing your location). Additionally, it also can’t protect hardware bound information like IMEI number, Device ID, or MAC address.
Using Island to sandbox Android apps
Now that you know how Island works and what are its limitation, let’s see how to use it. Install Island and give it the required permissions to work. Afterward, tap on the “Set up” button to create a dedicated work profile.
Important note: Island requires “Device Administrator” permission to create work profiles and manage apps. This is the most elevated permission that gives full control of your phone to Island app. Although Island comes from a reputable developer, but if you don’t want to take any risks, then Island is definitely not the app for you.
Once inside the app, you’ll see a drop-down menu at the top-left corner with “Island” and “Mainland” options listed. Here Island is the section where all the isolated apps reside, and in the Mainland, all the regular apps in your phone are listed. To sandbox an app, go to “Mainland” section and tap on the app to select it. Afterward, tap on the “+” (plus) icon at the bottom and then tap on “Install” to clone it.
Now move back to the “Island” again and the cloned app will be listed here. Just tap on the app to select it and then tap on the launch button next to it to launch it. The app will start from the beginning with no saved data, and you’ll also have to log in again and provide required permissions. The permissions you’ll provide will be for the isolated version of phone apps that contain no personal data.
If you want to remove an app from the sandbox, then tap on the app in the “Island” section to select it and then tap on the menu button at the bottom (three vertical dots). Select “Remove” and then confirm it to uninstall the isolated app and delete its generated data.
As Island uses Managed profiles to create work profiles, simply uninstalling Island won’t be enough. To fully uninstall Island, first, uninstall it the regular way and then go to “Settings” and tap on “Accounts”. Here tap on “Delete work profile” and then confirm the prompt to delete all the data.
I know you’ll hesitate as Island is still in the beta stage. However, be assured that Island is in continuous development for a long time (over a year) and it’s very stable now. I haven’t faced any problem so far and it does a perfect job of sandboxing apps and protecting your data.
I Really Do Hope That This Really Would Work Just Like The Toolwiz Time Freeze Sandbox That’s On Win10 Systems At The Moment As To Be Extended To The Android Phones Within The Near Future, Since Their Android OS is Having Trojanware And Scareware Issues Within Their Google Play Store And Within Their Samsung Galaxy Store Along With Their Malwarebytes Anti-Malware Application Being Defective And The Android System Itself Being The Defenseless Droid Phone. It Makes Me Want To Press The S.O.S. Button.
I found this super handy as my father is visiting China soon and the Google App store is blocked there. You have to use the Chinese government’s app store which we don’t trust.
1) The Chinese government has been known to insert spy software in popular apps.
2) Google is better at preventing malware in the App Store.
3) Chinese apps often request overly broad permissions.
4) The Chinese App store is not good at filtering out buggy apps; this, coupled with 3, means an app could accidentally delete or corrupt your data.
Oasisfeng has been sold to a china corp long ago. So, those saying that want to avoid china government by using a Chinese app as a PHONE ADMINISTRATOR… well…
There’s also open source app Shelter available from Google play and F-Droid. Being at F-Droid makes sure there are no trackers, for same reason Island is not in F-Droid.
Ok so what is the best way to still have IG, FB and Whatsapp but stop them from using your phone with the new TOS?
How good is island in isolating possible malware, rat, trojans? if there is a o day on whatsapp and I have cloned it am I still vulnerable?
Island, Insular and similar apps don’t increase the security of apps. They simply isolate the apps from your main apps.
For protection against malware, 0-days, etc I recommend checking up on GrapheneOS or DivestOS.
Looks like Island is open source, so I’m not sure we have to worry about if oasisfeng is releasing software controlled by the Chinese government, lol.
I recently wanted to add another app to Island but I didn’t like the new features where a person is made to sign into Google to add the app. That I don’t like because I keep Google blocked and why would Google need to have permission to know I want to take an app from my mainland to put inside Island?