SOT = screen on time, or something else? It's not explained in the OP.

Sandboxed Google Play Services enabled for both main profile and work profile on the owner account

You have two instances of sandboxed Google Play running at all times. That's likely your culprit. If you weren't using that work profile and just used the owner profile as is, with sandboxed Google Play, I think your results would be substantially different.

@Foggy @Graphene1

Apologies, I assumed that it would be clear that SOT would mean "Screen-On Time" within the context of battery consumption analysis. I should've clarified.

@matchboxbananasynergy

Thank you for your insight. That is true, I always have two instances of GmsCompat running at all times. I settled on my current setup since it allows for maximum compatibility by using sandboxed Google Play on both the main and work profile, while giving me added privacy by allowing me to use Shelter to compartmentalize my proprietary apps separately and being able to freeze them while not in use.

But as stated in my conclusion, although my current setup may result in slightly lower SOT compared to stock, the slight decrease of battery life is completely worth the additional protection features offered by Graphene.

I also settled on compartmentalization via Shelter in one owner profile versus compartmentalization via different user profiles, because although this setup results in increase of attack surface, I often need to be able to selectively share data from a trusted app to a proprietary app.

Some examples would be sharing a photo via a proprietary messaging app to contacts that are not on Signal, or copy-pasting banking account information received from Signal to a proprietary banking app.

    Vagabond8630 Google Play services uses a significant amount of resources and running 2 instances of it will reduce battery life significantly compared to running 1 instance. GrapheneOS out-of-the-box will have much better battery life and it should still be better if you're comparing a single instance of sandboxed Google Play to the stock OS. This fully explains why you have lower battery life.

    @Vagabond8630 If you post about this elsewhere, please make sure to clearly explain you're running 2 instances of Google Play services on GrapheneOS and that doing that will clearly reduce battery life particularly since you have 2 connections to FCM which could mean that FCM is using nearly 2x as much battery life if their checks aren't getting close to synchronized in practice.

        I can't be sure where the difference in battery life is coming from, but it may be due to stock's adaptive battery function that is not available on GOS.

        Not really, GrapheneOS essentially has the adaptive battery functionality without the branding. We have the standard power usage restrictions fully enabled, unlike AOSP where they aren't enabled. It simply means things work the same as the stock OS and they need to be properly written to handle the battery restrictions including requesting unrestricted battery mode if they require it to do their own push without Google Play, etc.

        GrapheneOS Google Play services uses a significant amount of resources and running 2 instances of it will reduce battery life significantly compared to running 1 instance. GrapheneOS out-of-the-box will have much better battery life and it should still be better if you're comparing a single instance of sandboxed Google Play to the stock OS. This fully explains why you have lower battery life.

        This does not explain the lower battery life if he also used the work profile on stock OS, because he would also have 2 running instances of Google Play Services.

            balance3767 That is incorrect. On Stock, Google Play Services is a highly privileged application that oversees everything on the device. If you use multiple profiles on GrapheneOS, you're not using multiple instances of it, it's one instance. The reason it's 2 on GrapheneOS is because they're sandboxed in the same way as other apps, so you have to run multiple instances of the app just like with any other app.

              GrapheneOS

              Google Play services uses a significant amount of resources and running 2 instances of it will reduce battery life significantly compared to running 1 instance. GrapheneOS out-of-the-box will have much better battery life and it should still be better if you're comparing a single instance of sandboxed Google Play to the stock OS. This fully explains why you have lower battery life.

              Thank you very much for your insight. That seems to make sense on an intuitive level. I may try testing out the hypothesis by separating the proprietary apps via another profile that fully shuts off.

              It seems that the compartmentalization options are:

              1. None - Keep everything on the owner profile, with 1 instance of GmsCompat running at all times
              2. Via work profile - Compartmentalize with the work profile, with 2 instances of GmsCompat running at all times
              3. Via user profiles - Compartmentalize with the work profile, with 1 instances of GmsCompat running per profile, assuming notification relay is deactivated for non-user profiles

              Are there any other possible compartmentalization options?