routefailure99
1-If the focus of Graphene is security, and it supports sandboxed play store, why use anything else, as the source of .apk can only be less secure and potentially add attack surfaces?
It's one of the best places to get apps, but not the only one. There are other secure options. Accrescent app store or getting apps with self-update support directly from developers are examples.
2-Following on from question 1, if I create profiles such as Main, Finance, Garbage, Work etc and segregate apps, to me this seems to increase security by isolating apps that should be (internet banking etc) from other apps whether play store or other sources and so I would like to hear any recommendations and downsides to this.
Apps are sandboxed whether or not you use profiles. Profiles do prevent apps talking to each other though. We plan to add App Communication Scopes for restricting this within profiles.
3-It occurred to me, say your banking got hacked directly or indirectly and it was discovered you were using a. Graphene and/or b. 3rd party app store, you'd be left out in the cold no?
No, not at all in regards to using GrapheneOS. A 3rd party app store isn't going to have the banking app unless they uploaded it there.
Therefore you have to wonder, is Graphene more secure in the hands of the average user?
Yes, far more private and secure. We offer a lot of improvements to both, not requiring users to do anything differently than on the stock OS. Most of our features don't require users to do anything to benefit from them. The features which do such as Storage Scopes, Contact Scopes, Sensors toggle, etc. are easy enough to use. It's not that hard to opt into security improvements such as memory tagging for all user installed apps (exclusive to 8th gen Pixels onwards), disabling native debugging, etc. too.
What real world examples are there of this that people have?
GrapheneOS has over 200k users on still supported devices. It's not something super niche only used by a small number of people. People use it in all kinds of different ways. Some people use it closely to how they'd use the stock OS, while others use it much differently without Google Play.