rsm However, when I'm logged into that non-FOSS Profile, if someone calls me on my FOSS Profile, that phone call still comes through and I'm still able to answer it in my non-FOSS Profile. I'm just curious how that would be the case when the profile does not have authority to do that.
It sounds like it doesn't have the authority since it can't answer calls.
I'm just going to be blunt about this one. GrapheneOS likes profiles, other OSs don't really use them, so the Android devs at Google don't always know about or fix some of these weird issues, like this one. (And there's another thing I'll clarify later.)
The owner profile has to be active and the owner profile has to have access to the phone. So, when a call comes through, it'll still "ping" the owner profile.
rsm It would separately be helpful to know how I can dedicate a profile other than the Owner profile to receive SMS messages without the Owner profile also receiving those same messages. Is this possible?
Unfortunately, no.
rsm Is this all easily explainable or should there be concerns about how walled off user profiles are from one another?
Not exactly.
One thing that's clear is that there are some... things that show up between profiles. It's an upstream bug that Google needs to fix, but hasn't. Bubble notifications, some enhanced notifications, and some full screen "show over other apps" notifications (like the incoming phone call one) are known to sometimes show up in the other profile. I've seen reports of some settings carrying over as well. This is probably why you're seeing Spotify notifications when switching profiles and why you're seeing the incoming phone call but unable to actually answer in the profile without access.
I tried to find some examples of similar issues, but only can find three.
Clearly Google has some bugs they need to fix. Some settings or notifications just happen between profiles.
So, does this mean your profile isolation is compromised? No. Apps in each profile are individually sandboxed and the APIs that are available to them don't let them communicate or work across the profile boundary. The issues you're experiencing are bugs either with Android's System UI or some system services not actually checking the active user before doing something.
rsm stock Android has the feature where it tells you what song is playing in the background.
This feature isn't available on GrapheneOS since it's proprietary Google software not included in AOSP.
rsm Instead, the song was playing on my FOSS profile. Again, I'm unsure how I could play a song on a device through a profile which does not even have access to the app playing that song in the first place.
This one I don't know anything about, nor do I recall reading about others having this issue. Are you sure you ended your non-FOSS profile's session? If you simply switch to another user, the non-FOSS profile will still be active.