I began using graphene last year, but I haven't fully committed because I'm worried I'll "burn" my GOS phone in the digital world by connecting it to my old accounts. I keep an old phone, on wifi only, running my privacy invasive apps. On my GOS, I currently only have signal and protonvpn/mail with a sim card. But I'm tired of having 2 phones. And I don't know if I'm even serving my purpose by doing the 2 phones. Don't want to get too much into my threat model, but my main goal is privacy. Digital security is great, but I'm mostly trying to avoid adtech data. I understand this may not make sense to most of you, but just trust that my threat model is different than yours. The apps that I depend on from my old phone are Google Voice (old number that is strongly connected to me), Maps, Translate, Waze, Spotify, and a few other more obscure apps. Here are my questions.

  1. In your opinion am I doing more for my privacy by keeping a separate wifi only phone for these apps than by trying to incorporate them into GOS? For clarification, these apps and logins already knew my old phone, I still use a VPN on that phone, I never connect my two phones to the same internet or have location on.
  2. Would the following division of my profiles make sense for privacy? Profile1 for my phone number and signal, Profile2 for location necessary apps like Waze, and Profile3 for apps that have my name or accounts tied to me like Voice and Spotify?
  3. Any other privacy tips for me.

Reading your situation, I think you would be no worse off to migrate your old phone into an additional User Profile on your GrapheneOS phone. Having separate users on Android/GrapheneOS is sometimes described as having a whole separate phone, because the isolation is quite strong.

I would recommend enabling notification forwarding for the user profiles you create for the most seamless experience.

Edit to add: Regarding your threat model, I suspect there would also be privacy benefits to migrating thanks to the Sandboxed Google Play, Sensors permission toggle, Block connections outside VPN by default, etc. that likely isn't in your old stock OS.

    starkle True. Even though my old device is protected better than 99% of people, it's still leaking more data than it would on GOS. I just don't want to do anything stupid and connect me to my GOS phone. Because it's my daily driver and the old one stays off most of the time

      I'm currently running two phones. My old iPhone keeps all the privacy invasive apps I use, banking and social and other stuff thats deeply associated. My pixel is my private phone which (aside from trusted stuff, and browser logins), isn't home to much of the same things.

      Aside that I need that phone for work, and I have other devices I need for work within the apple ecosystem so its not going anywhere fast, my reasoning is: I have already given all that info to apple, and all the other info they and various apps have gleaned from my life for years, on that phone and in that ecosystem.

      Starting all that again on my 'private' phone would mean redownloading and giving all that info now to google via the play store. I know I can do that a lot more privately and potentially more anonymously with graphene and fake accounts/gift cards etc, but why would I? I have spent at least the past 7 years degoogling and thats in apples world. Now I'm attempting to, at least in my private life deapple, I now dont want to regoogle. If that makes sense.

      So two phones for me actually makes a lot of sense.

      I feel this pixel and the wonderful GrapheneOS has really enabled a separation, and partly that is because there really is a separation.

      Edit and disclaimer : I'm new here (to Graphene at least) I may change my mind.