This is incorrect information.
give it storage scopes and make sure you don't store sensitive info in shared folders
Storage Scopes is an alternative to granting storage permissions. Enabling Storage Scopes doesn't reduce access compared to not granting permissions. Contact Scopes works the same way. These are alternatives to permissions, not something that restricts apps further than not enabling either.
Apps with trackers and analytics store their analytics data in their respective Android/data/ folders. Have a look what info they collect and whether you're happy with it.
Android/data is only for data stored in the largely legacy scoped external storage directory. Internal storage directories are where most data is stored. Neither has much to do with analytics/telemetry.
Very simply put but in my opinion there are things OS can't control and giving privacy invasive services such as Google Play, Meta, Microsoft infrastructure and so on network access is already half way to disaster.
It's not clear what you mean by "things OS can't control".
Not using sandboxed Google Play doesn't mean you aren't using Google apps and services. Every app depending on sandboxed Google Play uses the Google Play SDK and libraries which run as part of the app. Sandboxed Google Play doesn't run in a special sandbox. It runs in the standard app sandbox with all the standard GrapheneOS privacy/security improvements. It doesn't have any special access or capabilities. It's a misconception that it's a special sandboxing approach. The compatibility layer teaching it how to run in the standard app sandbox is what we provide.