LukewarmSixtieth But wouldn't exposing the network country code by default without the ability to spoof or disable it ruin privacy?
Sometimes people measure privacy leakage in terms of how many bits of information are leaked. If there are 6 billion people and something leaks around 34 bits of information about you, that is enough to uniquely identity you.
There are around 7 bits of countries, and most countries have at least 30,000 people in them, so leaking one's country is very very far from uniquely identifying one.
Meanwhile, using a Google Pixel of any model is actually pretty rare! Using a specific model is even rarer. If an app knowing which country you're in "ruins" privacy, then knowing you are using a Pixel 8 Pro presumably also "ruins" privacy -- that's the top-of-the line phone, and there really aren't that many of them.
LukewarmSixtieth It makes no sense if I have to remove my SIM card every time I switch to the secondary profile for more privacy
Speaking purely in terms of differential privacy, since there is no way to turn a P8P into a P6a when switching profiles, there is a case that the model number is the privacy downfall, not the cellular network country code. Meanwhile, merely running GrapheneOS means you are one person among maybe 200,000. Running GrapheneOS on a P8P might make you one of only 20,000 people.
Meanwhile, apps knowing the country code provides many users with non-trivial convenience during the initial launch process; instead of offering a list of maybe 40 languages, which would be clumsy and incomplete, the app can offer maybe five with much better coverage. For many people, leaking a country code is a tiny bit of privacy loss and a substantial convenience -- at least, that's what the Android designers decided.
There is a case for GrapheneOS supporting spoofing cellular network country code. But that is one feature among many that could be implemented, and it's not clear that particular thing is more important than location spoofing. And the GrapheneOS project's high-level guidance is that security and privacy are greatly increased by not using cellular infrastructure at all.
Overall, it's not clear to me that, figured in among everything else, disclosing to apps the cellular network country code of somebody who has already chosen to use a cellular network, and is thus leaking an IMEI and a position track to at least one cellular carrier, is a big deal.