[APP][5.0+][BETA] Island - app freezing, privacy protection, parallel accounts

[oasisfeng]

What is "Island"

"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.

How does it work

Island takes advantage of the "managed profile" feature on Android 5.0+, which is the also the base of "Android for Work", to create an isolated sandbox for apps and their data.
App needs to be cloned in Island first. Afterwards, the clone can run parallel aside from the original one. (even with different accounts signed-in) It can be frozen on demand by Island. (NO ROOT REQUIRED)
Currently, all operations are manual in Island. There's a plan to integrate Greenify with Island to provide automatic freezing feature.

Common use case

• Freeze frequently woken apps. Clone it into Island and uninstall the original one outside. Then you can freeze it to fully block its background behaviors. Remember to create launch shortcut for quick de-freezing and launching.
• Prevent permission-hungry apps from accessing your private data. Sometimes runtime-permission may not be the solution, especially if the app refuses to work without certain permissions. App clones running in Island cannot access your contacts, call logs and sniff other apps outside. But SMS and location are exceptions since they are bound to device.
• Use two accounts of the same app parallel. Clone it into Island and login the other account inside.
• Archive rarely used apps. Like the first case, keep them frozen until the next time you need it.
• Hide your private apps.

DISCLAIMER

This beta version may be dangerous on some Android devices, it may cause boot-loop and even brick your device. The purpose of closed beta exclusive for advanced users is to widely test and improve the device compatibility. Don't install it on your daily device and remember to BACKUP FIRST.

Install
Opt-in the open beta test on Google Play: https://play.google.com/apps/testing/com.oasisfeng.island (May take several minutes to become visible after opt-in)
Or download the APK here: https://www.dropbox.com/sh/3fmjigfejcu0kko/AABJy7du0DQx2Jn_R0uQcy6Ea?dl=0

 

[oasisfeng]

Manual override for non-encrypted device (NO ROOT REQUIRED)

Currently, Island will prompt that it requires device encryption to work. You need either an encrypted device or the root privilege to create the Island.

If you don't want to encrypt your device, besides the root option, there's actually also a manual procedure to create Island on your device for advanced users.
Execute the following commands in the shell (in exact order):

pm create-user --profileOf 0 --managed Island
(remember the user ID shown, usually 10, use it in the following commands to replace the "<user id>".
If you got "Error: couldn't create User", execute setprop fw.max_users 10 first, then retry the command above.)

pm install -r /data/app/com.oasisfeng.island-1/base.apk
(if you get "file not found" error, use "-2" instead of "-1" in above command and execute again)

(Android 6.0+) adb shell dpm set-profile-owner --user <user id> com.oasisfeng.island/.IslandDeviceAdminReceiver
or (Android 5.x) adb shell dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver <user id>

adb shell am start-user <user id>

If all goes well, Island will start, showing the app list.

Now, have fun without device encryption.

 

[oasisfeng]

Experimental "God mode"

In normal mode, Island only takes care of apps inside the Island space. The “God mode” is an experimental mode, in which Island takes control of ALL apps, both inside and outside Island space. For example, you can freeze any app without cloning it first.

It is still in beta testing and not ready for average users. At present it is only recommended for advanced users who is well understanding what is going on the device and how to deal with unforeseeable troubles.

The limitations in “God mode”:

• App Backup (Cloud backup for app data by Google Play services) will stop working on Android 5.x~6.x. (Not an issue on Android 7+)
• If G Suite (Google for Work) account is logged in Island, Play store will switch to work mode and you cannot install most of the apps. Log out the G Suite account will revert Play store to normal mode.

God mode could only be setup manually:

1. Remove all accounts and "Work profile" (which is the Island space if you have already setup normal mode of Island) in system Settings - Accounts.
2. Execute in ADB shell:

   dpm set-device-owner com.oasisfeng.island/.IslandDeviceAdminReceiver

   If you get error message in this step, please try executing settings put global device_provisioned 0 and then above dpm ... command again, followed by settings put global device_provisioned 1. (The last command is very important, otherwise you may face status bar locked and being unable to call or SMS.).
3. Start Island app now and it will work in God mode.

God mode could even work together with normal mode in Island, giving you full control on apps both inside and outside of Island. Just setup God mode first and then follow the steps to setup normal mode, as mentioned above.

 

[Deleted member 2086469]

Is this the same concept as MoboClean? Interested to see how it works and save more battery for all of us

 

[oasisfeng]

Is this the same concept as MoboClean? Interested to see how it works and save more battery for all of us

No, Island never repack apk file locally, which is inherently insecure for users, since all your app data (including password input) are technically in the hand of MoboClean. (The same applies to other similar tools, e.g. LBE Parallel Space)

Instead, Island takes advantage of the underlying mechanism used by "Android for Work". This ensures that all your apps run natively in Android system and their data are securely stored in internal location of Android which is never accessible by Island. It has the same level of security as "Android for Work".

 

[SeemuRimu]

This will be another weapon against bloatwares.
绝对又是一款神器。

 

[weiwei233]

always here..

shell@E6883:/ $ pm install --user 10 -r /data/app/com.oasisfeng.island-1/base.apk
l --user 10 -r /data/app/com.oasisfeng.island-1/base.apk <
pkg: /data/app/com.oasisfeng.island-1/base.apk

 

[oasisfeng]

always here..

shell@E6883:/ $ pm install --user 10 -r /data/app/com.oasisfeng.island-1/base.apk
l --user 10 -r /data/app/com.oasisfeng.island-1/base.apk <
pkg: /data/app/com.oasisfeng.island-1/base.apk

If it hangs, try that command without "--user 10" instead.

pm install -r /data/app/com.oasisfeng.island-1/base.apk

 

[weiwei233]

If it hangs, try that command without "--user 10" instead.

pm install -r /data/app/com.oasisfeng.island-1/base.apk

OK!Success
----
127|shell@E6883:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11
et-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11 <
java.lang.IllegalStateException: Not allowed to set the profile owner because there are already some accounts on the profile
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)

 

[oasisfeng]

OK!Success
----
127|shell@E6883:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11
et-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11 <
java.lang.IllegalStateException: Not allowed to set the profile owner because there are already some accounts on the profile
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)

Please remove the work profile in Settings - Accounts, then follow the instructions strictly with all the commands entered one by one.

 

[weiwei233]

Please remove the work profile in Settings - Accounts, then follow the instructions strictly with all the commands entered one by one.

i think i messed up..
sorry
Start island app still prompt "build the island"

1|shell@E6883:/ $ pm create-user --profileOf 0 --managed Island
pm create-user --profileOf 0 --managed Island
Success: created user id 14
1|shell@E6883:/ $ pm install -r /data/app/com.oasisfeng.island-2/base.apk
pm install -r /data/app/com.oasisfeng.island-2/base.apk
pkg: /data/app/com.oasisfeng.island-2/base.apk
Success
1|shell@E6883:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14
-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14 <
java.lang.IllegalStateException: Trying to set the profile owner, but profile owner is already set.
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
1|shell@E6883:/ $ am start-user 14
am start-user 14
Success: user started
127|shell@E6883:/ $ am start com.oasisfeng.island
am start com.oasisfeng.island
Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] pkg=com.oasisfeng.island }
shell@E6883:/ $

 

[Open.Orange]

@oasisfeng Hi, I've become a beta tester and operation system is 5.0.2 but still can't download from Google play ,and it says this application with all of your devices are incompatible.

 

[jyu2uh]

Works great on my Sony E5823. Hope the automatic mode will come soon.
Really excellent work and admire your always ingenious work.

 

[jyu2uh]

Something wrong with the cloned app Meituan. While running, the force close warning will keep poping out though after click yes, the app is still usable without being force closed.

 

[oasisfeng]

i think i messed up..
sorry
Start island app still prompt "build the island"

1|shell@E6883:/ $ pm create-user --profileOf 0 --managed Island
pm create-user --profileOf 0 --managed Island
Success: created user id 14
1|shell@E6883:/ $ pm install -r /data/app/com.oasisfeng.island-2/base.apk
pm install -r /data/app/com.oasisfeng.island-2/base.apk
pkg: /data/app/com.oasisfeng.island-2/base.apk
Success
1|shell@E6883:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14
-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14 <
java.lang.IllegalStateException: Trying to set the profile owner, but profile owner is already set.
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
1|shell@E6883:/ $ am start-user 14
am start-user 14
Success: user started
127|shell@E6883:/ $ am start com.oasisfeng.island
am start com.oasisfeng.island
Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] pkg=com.oasisfeng.island }
shell@E6883:/ $

This means your existing managed profile is not correctly removed. Please try removing it first in the Settings - Accounts, or use the following shell command to remove it:

pm list users
pm remove-user <user id>

 

[oasisfeng]

@oasisfeng Hi, I've become a beta tester and operation system is 5.0.2 but still can't download from Google play ,and it says this application with all of your devices are incompatible.

Sorry, not all devices / ROMs support managed profile as the AOSP/Nexus device. If you are using 3rd-party ROM, please contact the ROM modder for support of "managed profile" feature.

Even if your device is not supported right now, please stay tuned for the incoming "God mode" which supports all devices of Android 5.0+.

 

[weiwei233]

This means your existing managed profile is not correctly removed. Please try removing it first in the Settings - Accounts, or use the following shell command to remove it:

pm list users
pm remove-user <user id>

disaster

shell@E6883:/ $ pm list users
pm list users
Users:
UserInfo{0:+86:13} running
UserInfo{11:Island:30} running
1|shell@E6883:/ $ pm remove-user 11
pm remove-user 11
Success: removed user
1|shell@E6883:/ $ pm create-user --profileOf 0 --managed Island
pm create-user --profileOf 0 --managed Island
Success: created user id 12
1|shell@E6883:/ $ pm install -r /data/app/com.oasisfeng.island-2/base.apk
pm install -r /data/app/com.oasisfeng.island-2/base.apk
pkg: /data/app/com.oasisfeng.island-2/base.apk
Success
shell@E6883:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 12
rofile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 12 <
java.lang.IllegalStateException: Trying to set the profile owner, but profile owner is already set.
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)

 

[jyu2uh]

It seems the apps in "island" can't share the VPN connection in the system. Anyway to fix this?

 

[TNSMANI]

@oasisfeng
A small correction in the heading of this thread.
"Inner Peace" instead of "Inner Peach".

 

[lpyyss]

Is installation through Google Play Store inside island possible?