dcd-graphenediscuss how do I, as Joe User, determine which apps share information by "mutual consent"?
There is no easy way to verify this, as far as I know, which is why I typically err on the side of caution.
It seems logical that any apps that feature advertising or in-app purchases will potentially sideload information to/from Play Services/Store via IPC (inter-process communication).
It also seems logical that apps made by the same developer will mutually share information with each other via IPC; for example, Meta's Facebook, WhatsApp, and Instagram apps, or Google's Play Services/Store with any one of the many Google apps.
In my opinion, iOS and Android are both inherently hostile to user privacy. A multi-billion dollar industry has been built around knowing what we do every minute of the day. GrapheneOS does an excellent job of mitigating this right out of the box, but the threat to privacy increases with each additional app that we ourselves install.