dumpling6031 So is there a way to only enable the Networking permission to allow RCS to authenticate while also preventing the rest of Google Play Services from having networking permission?
No. The Network permission is all or nothing. It just decides whether an app can access the network directly. It makes no judgements between desirable & undesirable connections made by the app.
dumpling6031 If so, how would one go about making that feature request?
You can open an issue in the GrapheneOS issue tracker on GitHub here.
dumpling6031 However, enabling this one security feature requires forgoing another.
This is the ever present question of security & privacy. What are you willing to give up to gain something else? No right or wrong answers here, just judgement calls, made by you & you alone.
dumpling6031 enabling Network permissions on Sandboxed Google Play services also enables Google ads.
Unless specifically deleted, Ad ID is present whenever Google Mobile Services (GMS) are installed, even if you don't give them the Network permission, which apps can then use. It has to be deleted manually from Settings > Apps > Sandboxed Google Play > Google Settings > All services > Privacy and security > Ads > Delete advertising ID.
dumpling6031 Google ads enable tracking from the advertising companies and from Google directly, and these Ad IDs have been used to acquire, among other things, the location of users 1.
While the article might have made it so that the Ad ID is "the big bad," it's actually not. The real issue is people installing apps that track them, doing so without a care in the world, and then being surprised when they're being tracked.
Let's say you have an app installed. Now let's also say you grant that app the Location permission. It can now know your location (obviously). Then let's say you also give that same app the Network permission. Now that app can send your location data to anywhere on the internet just like that, whether that be to its own server(s), or it can just as much share it directly with Google and/or advertising companies through the Ad SDKs the app has embedded into it. And the more permissions you give that app, the more data about you it can send off to be sold, data that can be used to track you. Notice how in this equation GMS need not even be installed on your device for the app to share your data with Google or advertising companies. The lack of Ad ID is not stopping any apps from trying to profile you.
Just because the Ad ID got attention in that specific story doesn't mean it was the original issue. I'd compare it more to the fourth corner of a square: if you already know the three other corners & you know that you're looking for a square, you can pretty easily figure out where the last corner is. Sure, the final point being in place already will make drawing the square easier, but it's not necessary on its own.
Unfortunately, privacy is much more complex than just having an on/off privacy toggle somewhere. I'd summarize the points of this story as: don't install untrustworthy apps, don't give untrustworthy apps the Location permission, and remember to follow EFF's Self-Defense Guide found here.
Good luck on your privacy journey!