mogacy-nadproza0m
All apps on Android are sandboxed, even in stock Android. GrapheneOS improves the sandbox. Google Play (GMS) is sandboxed just like other apps. The difference is that on GrapheneOS, GMS doesn't have system-level privileges.
However, even sandboxed apps within a single profile can see a list of other installed apps and can communicate with each other IF both apps consent to communication from the other.
If there's an app or set of apps you don't trust, you can use them within a separate user profile. GrapheneOS also improves Android's profile isolation.
I've read GrapheneOS devs on Matrix say work profiles aren't as isolated as user profiles. Also, installing GMS within a work profile sometimes doesn't work as expected.