Hello!
I came up with the following workflow for my apps:
Owner profile: contains trustworthy apps + GMS for better battery life and notifications + some Google apps without network permission
Private space: contains 1 or 2 apps that I'm required to use but I don't trust (e.g. Messenger)
Banking profile: contains my banking apps, and crypto wallet
Now, here comes the problem: within my owner profile, I have Signal and Proton Mail that require GMS for notifications. This is the only reason I installed GMS in my main profile. Now, Google Play Services requires network permissions. I also have Google Camera, Google Photos and Gboard installed, without network permissions. I might be paranoid, but I'm afraid that GMS and these networkless apps could talk to each other and extract files such as my photos, location data or what I'm typing. I didn't have this paranoia before I installed GMS as all my Google apps were without network permission, but now that I had to connect GMS to the internet and read about Inter Process Communication (IPC), I'm a little bit worried.
So I thought about this for a bit, and came up with the idea to put Signal and Proton Mail into the private space, but then I'd have to pay attention to keep them running, and also they would be in the same basket as the apps I don't trust. So I kind of ruled this out.
The next option that I thought about is to simply uninstall GMS in my owner profile and simply use Signal's own implementation for notifications. This would probably solve my paranoia, but then I'd possibly lose out on battery life and put up with not getting Proton Mail notifications.
The third option is simply to use GrapheneOS camera, photos, and keyboard app instead of Google's proprietary ones. This could work as a last resort.
I don't know, maybe I'm overly paranoid and overthinking this whole situation, but maybe you guys could help me come to a conclusion for this problem.