Multi-User Support

Android supports multiple Users settings, applications, and data. Android Automotive relies on Android's multi-user support to provide a shared device experience, wherein each device User is intended to be used by a different physical person. Starting with Android 10, Android Automotive supports these types of users:

  • Headless System User. The headless system user runs in the background and hosts all system services. For Automotive, the system user is not intended to be used, nor directly accessed, by a physical person.
  • Regular User. Automotive devices are shared devices and each User is intended to be used by a different physical person. Android Users can have different roles. See Roles and Restrictions below for more information. In Automotive, all regular Users are Secondary users.
  • Guest User. Automotive users can include temporary users, such as friends, who borrow a vehicle. To accommodate uses like this, Android Automotive provides a Guest User with access to all components needed to use the vehicle. Only one Guest User can be defined on a device at a time.

Note: The Primary User flag (FLAG_PRIMARY) is not yet supported in the Automotive Headless System User model.

The following diagram illustrates how the Automotive Headless System User mode supports the multi-user experience:

Multi-user experience

To learn more, see Android Automotive Multi-User.

Roles and Restrictions

Vehicles are shared devices that may be driven by different people. Each person can have their own User, each with their own applications and data. However, a vehicle owner may not want all Users to have the same ability to modify the device. Therefore, Automotive supports the concept of providing Users with different roles and restrictions. The following User roles are supported:

  • Admin. By default, regular Users with the role of Admin can perform every task. Admin Users can grant the Admin role to other Users.
  • Non-Admin. By default, regular Users with the role Non-Admin cannot factory data reset the device, grant themselves an Admin role, or delete other Users.
  • Guest. By default, a Guest User can neither factory data reset the device nor delete other Users. By default, a Guest User has other restrictions, such as not being able to modify (add or remove) accounts, install applications, or apply a lockscreen. By default, Guest is also ephemeral.

As stated above, each role has a default set of restrictions so that a new User created with that role will have the same respective restrictions.