Hey all,
I've come the decision that I want Google Play services installed on my owner profile to enable NFC / Yubikey support; I believe FIDO requires this. I currently have Google Play services isolated on a separate user profile.
My first instinct was to install Google Play services on a work profile using Shelter, but I'm cautious about giving privileged device access to a third party app. My question is - as GrapheneOS provides solid app isolation, isn't Shelter's extra isolation largely redundant? What am I gaining from Shelter, especially if I'm just installing a few fairly well trusted apps (Microsoft Authenticator, my banking app, etc.).
From my perspective, going without Shelter seems a like a superior option as I don't have to give away any privileged device access. Does anyone have any compelling counter-arguments to this? Would love to hear any thoughts, thank you :-)