I am interested in trying GrapheneOS and have been reading through the documentation to get a grasp on what has been done differently from other systems and why. In general, I found the features page here to be well-written and easy to understand, but there are a couple things I was hoping someone could help clear up.
I have seen mentioned a few places the practice of adding Google services into a separate user profile, as a security or privacy precaution. On its face, that seems to make sense but after reading a little more I'm not sure I get it. In the notes for Sandboxed Google Play (here), it seems to suggest Google services are already somewhat limited with what can be accessed:
Only apps within the same profile can use it and they need to explicitly choose to use it. It works the same way as any other app and has no special capabilities. As with any other app, it can't access data of other apps and requires explicit user consent to gain access to profile data or the standard permissions. Apps within the same profile can communicate with mutual consent and it's no different for sandboxed Google Play.
For the sake of an example, I use Proton Mail which relies on Google Services for push notifications. My initial thought was these apps could be isolated to a separate profile...but after reading through the documentation above, it is somewhat unclear what benefit this brings. What is visible (from the perspective of the Google Services app) with the permission it has for retrieving notifications seems like it would be unaffected by what profile it is in. Am I missing something?
If anything, putting my Proton Mail client in a separate profile seems like it could prove to be a nuisance; my understanding is I would not be able to copy and paste something into a web browser in another profile, for example. Or even click through a link for that matter, unless the new profile had its own web browser installed.
Another app I have to use for work is the Microsoft Authenticator app, which also piggy-backs on Google Services. It is a work app and it makes sense for it to be in a separate profile from my normal stuff, but again: what exactly does this practice add from a security or privacy standpoint? This is not an app that attempts to interact with other apps, or really do anything but sit there and wait for a notification to come down so it can churn out an MFA code.
Thanks for reading through all that, I've just been kind of absorbing a lot of new information with the GrapheneOS documentation and my head is spinning a little bit! Any clarification or insight would be welcome, thanks again for reading.