feifeipig I hope GOS provide a way to better sandbox those apps. Basically control what each app can see and talk to. Installing each app on different profile is practically impossible.
The fundamental problem with privacy-invasive apps is that if you impose enough controls on them that they can't collect information about you then they can just refuse to run. If you want to search for some item on somebody's online store, inherently their servers must receive your search term, and then the company can sell the information. Even if the device conceals some information about you such as your IMEI and/or your home IP address, it will leak other information. If you sleep at roughly the same time each day, it is possible to guess your actual timezone regardless of the device's ostensible timezone or the timezone of your VPN exit node. If you are the only person in your timezone with a Pixel 7a who searches for purple bunnies and kale-flavored ice cream, then you will be identifiable.
The big thing GrapheneOS genuinely can't protect you against is behavioral information you voluntarily share with entities across the network. If you really don't want AliExpress to know what you like to purchase, it may be necessary to avoid purchasing from them.