First I want to apologize for yet another Google Sandbox post. I have read several posts here, reddit, looked at the documentation on the GrapheneOS website and also watched several videos on youtube. Even after all that I still have some questions that I would be very thankful to have clarified/confirmed. Thank you in advance for your time.
1) Regardless of installation source (IE: F-Droid, Aurora, Google Play) GrapheneOS places each installed app into a sandbox with configurable permission controls?
2a) Regardless of permission controls, if user allows access between two apps, such as Signal to Contacts, or NextCloud to storage, then apps other then the original two could in theory access the shared data if they wanted to? This is simply the nature of the beast, or this case, Android and other OSes in general.
2b) Regardless of permission controls, if user allows access between two apps, such as Signal to Contacts, or NextCloud to storage, then apps other then the original two could in theory access the shared data and/or all data in either of the original two apps if they wanted to? This is simply the nature of the beast, or this case, Android and other OSes in general.
3) The situation/behavior described in 2a or 2b also applies to the three Sandboxed Google Play apps (Google Services Framework (GSF), Google Play services, Google Play Store), if you install Sandboxed Google Play on your phone, regarding looking into the exposed data?
4) If Sandboxed Google Play is installed in the main/only profile then the situation/behavior described in 2a or 2b could occur with one's data?
5) The question between "Main" Profile and "Second" Profile for installing Sanboxed Google Play comes down to whether you want the three Sandboxed Google Play apps having the option to snoop on the data that is being shared between, (and inside each of them?), the sharing apps? Whereas if a person wants to ensure that Google is limited to only the apps, and their data, that require google play services, they would use a separate profile?
I think that covers everything. Thank you again in advance for any help and your time.