Sorry for the noob questions. I'm still trying to understand everything.
If I understand this correctly, due to Android's Interprocess Communications, it should be assumed that installed Google apps will be able to communicate with each other. So, for example, even disallowing network access to one Google app might not accomplish anything if you have other Google apps installed on that profile that have network access, including sandboxed Google Play Services? This is something GOS is trying to address with its planned App Communication Scopes feature?
But currently, when I'm using non-Google apps, what privacy am I sacrificing when installing them on a profile with Google Play Services?
I keep reading that Play Services is sandboxed just like any other app. OK... but Play Services can clearly access some things about my apps when all I've done is grant it network access. For example, some apps won't run at all unless you have Play Services installed. But once I install sandboxed Play Services, the app starts working. What information about that non-Google app is being sent back to Google? Similarly, when Play Services handles notifications, can Google read my notification content? What metadata are they receiving about my app usage, notifications, etc.?
The other way around, what information do non-Google apps see about my Google services? If I log into a Google app while using sandboxed Play Services, can third-party apps now identify me through my Google account?
If this is all protected, what's the threat model use case for running third-party apps, like Signal, only on a profile without Play Services, as I see many people doing? How does using sandboxed Play Services go against that?