eyphzlm
If this is your setup and fits your threat model - awesome, it looks solid. I also agree that the proverbial hard path ultimately makes life easier.
But I doubt that your setup exactly fits the OP's needs as he said:
So far, I just have an owner profile and I downloaded the Pixel camera and connected it to the Aves gallery.
Switching from Samsung to GrapheneOS using Pixel Camera and Aves is a setup which absolutely could achieve what he is asking for:
I am looking for improved privacy and security, but I tend to compromise on it for functionality.
I would even go as far as to say that the "compromise" of this setup is negligible (based on his threat model, which I can only speculate about at this point).
Keep your owner profile clean never install anything on it (unless you want to clone that app to multiple profiles).
If you give an advice for such a specific setup, it would be helpful to explain: Why should OP set it up that way?
Here you could find some useful advice about this setup - not voting for this setup, just saying.
First try out the graphene os camera if you think its not for your needs then create a complete seperate profile
If you mainly rely on GrapheneOS Camera and use Pixel Camera only for edge cases, this might be a valid point (again: OP already seems to have decided to use Pixel Camera instead of GrapheneOS Camera).
Daily driving a Pixel Camera in a separate profile may make sense in some cases but whether using cloud, USB drive, or an app like InterProfileSharing: Frequently tansferring photos and videos from one profile to another causes notable friction.
If you are not going to use Aves gallery stats and map feature at all then try to find an alternative you can use inbuilt gallery app from gos or use fossify gallery app.
Again, OP already seems to have taken an informed decision to choose Aves over Standard Gallery.
Regarding Fossify recommendation: It would be helpful if you could explain what makes Fossify better than Aves (Libre) in terms of security and privacy.
Its not diaster at all i been using it daily its needed for my threat model. Michael Bazzell OSINT Expert in his book Extreme Privacy and training at IntelTechniques, he advocates for complete compartmentalization of identities (e.g., personal, professional, investigative) to minimize data leakage and cross-contamination.
I agree - great book written by a great author. But it's full title says it all: "Extreme Privacy: What It Takes to Disappear".
That's probably overkill for most threat models.
there are tons of issues on private space its relatively new unlike secondary profile which is more mature
There may be some issues (which by the way also applies to user profiles), but all in all, it is a very solid implementation that offers some real advantages when it comes to separating apps comparable to user profiles.
In conclusion, I cannot put it better than this:
Don’t worry too much about setting up user profiles perfectly the first time. Many in the GrapheneOS community have said that they’ve gone through multiple setups before finally settling on what they think works for them.
Our suggestion for people who are switching to GrapheneOS would be to start out without using secondary user profiles and evaluate whether their needs require their use later. As explained above, the Private Space feature is a great way to get the advantages of separate profiles without any of the inconvenience that they can come with.
source: https://seprand.github.io/articles/best-user-profile-setup/#final-thoughts
And (that applies to me as well): We all have provided @Guitarkingx lots of ideas and input to digest. Perhaps it would be beneficial to wait for a response or feedback in order to be able to better address his needs.