I have created a work profile for Android Auto. To prevent my IP from being transmitted to Google, I have stored a wireguard tunnel from Proton in the work profile. Then i installed Android Auto from the Graphene App Store in the work profile. Sandboxed Google Play was created.

What surprises me. Immediately after completing the installation of Sandboxed Google Play in the work profile, 24 addresses, most of them Google addresses, were called up in the main profile. These are the addresses:
accounts.google.com
pay.sandbox.google.com
digitalkeypairing.org
www.android.com
play.google.com
walletshare.googleapis.com
simtransfer.goog
gds.google.com
enterprise.google.com
near.by
pay.google.com
staging-walletshare.sandbox.googleapis.com
androidauto.com
proofing.gmsdrops.goog
gaiastaging.corp.google.com
app.goo.gl
market.android.com
wallet.apple.com
business.google.com
accounts.sandbox.google.com
cert-wallet.apple.com
wallet.google.com
proofing.upgradeparty.goog
one.google.com

My Adguard filter classifies some of these calls in the "Advertising" category.

Is it correct that these Google addresses are called up in the main profile of all places after installation in the work profile or have I done something wrong?

    Lukki since you've asked for my help: I'm not sure how VPNs work in Work profiles. I was under the impression that you can only tunnel traffic from the owner profile which would include the work profile? If that's the case, you would need to install and run the VPN from the owner to prevent DNS leaks. But, as I'm not really an expert in that field, somebody else should confirm this as my assumption may be blatantly false.

      Lukki What surprises me. Immediately after completing the installation of Sandboxed Google Play in the work profile, 24 addresses, most of them Google addresses, were called up in the main profile.

      Can you say precisely what is meant by "addresses" being "called up"?

      If you are referring to DNS queries (as opposed to connections), this is probably App link verification.

          de0u These are DNS queries. They took place unique.
          What do these queries mean?
          Why do these queries occur in the main profile and not in the work profile? I have installed Sandboxed Google Play there.

          • de0u replied to this.

              Lukki What do these queries mean?

              That is explained in the GrapheneOS documentation on App link verification: https://grapheneos.org/usage#app-link-verification

              Lukki Why do these queries occur in the main profile and not in the work profile?

              I suspect that the verification step is handled by or triggered by the package manager running in the owner profile.

                  I searched on Discord and the project account said "app link verification is Owner traffic" so de0u is probably right!

                  I was also guessing maybe you had set up Adguard using private DNS. If that's the case, you should see those DNS requests there too since it's a global setting.