Hey there! First of all, welcome to the forum. :)
I think that it is tough to give a yes/no answer here, and also do note that I've used GrapheneOS for years at this point, so my answer can be biased.
With that said, it sounds like you've got a pretty sweet deal going. iOS is quite secure in general, and if you're using an iPhone that's still supported, it's a very good choice (certainly a much better choice than most Android devices, to be honest). If I were to recommend a phone/OS combo to someone who's not interested in learning new things and I'd just like them to have a functional secure device, I'd suggest an iPhone every single day of the week.
However, the fact that you're here tells me that you'd be open to learning new things and adjust accordingly, so let's dive in to see if switching over is worth it for you.
Let's address your main concerns, which as I understand it are as follows:
- You think GrapheneOS comes with a significant usability compromise.
- You think GrapheneOS may be too complex for someone not willing to spend a significant amount of time learning how to use it.
- You think GrapheneOS cannot possibly be able to keep security updates in check as quickly as Apple could, due to its team being smaller.
- GrapheneOS is highly usable. Before Sandboxed Google Play (that was almost a couple of years ago now - time flies!) and things like the Exploit Protection Compatibility Mode toggle (which disables some hardening for the specific app you enable it for, in case it is crashing due to something like a memory corruption bug, which would otherwise make it crash to protect you), there were some pain points. Apps that needed Google Play Services for some or all functionality wouldn't work, or said functionality wouldn't work, and you just had to deal with that. Buggy apps with memory corruption issues would crash due to hardened_malloc with no other options. What if that app was your banking app or an equally important app? Well, you don't have to care or worry about that anymore. In terms of app compatibility, pretty much the only stragglers are apps that require a Google certified OS to work. That's an explicit choice by the apps and there's not much we can do, though we do have a guide for those developers to be able to whitelist GrapheneOS when they do that, which you can find here:
https://grapheneos.org/articles/attestation-compatibility-guide
Really though, these apps are very much the exception to the rule. A notable thing that currently won't work due to that is Google Pay NFC payments, for example. NFC payments work great, and if you have another app which doesn't use Google Pay and doesn't gate its system behind those checks, you can use it, but Google Pay is currently a no-go, unless we spoof those checks, which would only be a temporary solution because in the future they won't be spoofable anymore. It can be problematic to work around apps not wanting to work on GrapheneOS in a way that's only temporary and have people using the OS rely on them, only for those apps to be pulled out from under their feet down the line.
Furthermore, you mentioned some specific examples, so I want to quickly address those:
Sandboxing: all apps are sandboxed by default. That's the same as Stock Android, and the same as iOS. You don't have to "sandbox" apps yourself.
User profiles are very useful to compartmentalize your usage and bring some benefits, but they're in no way necessary, and in fact, I'd wager a guess that most GrapheneOS users don't really use them all that much.
Proton Mail requires Play Services to deliver notifications. As such, you need Sandboxed Google Play for them to provide you with those. That's not a deficiency/weakness of GrapheneOS. The app is choosing to utilize Play Services for this, and GrapheneOS provides you with a secure way to use Play Services within the regular app sandbox that all other apps you install reside in (Sandboxed Google Play is optional).
Additional reading:
https://grapheneos.org/features#sandboxed-google-play
https://grapheneos.org/usage#bugs-uncovered-by-security-features
- GrapheneOS is not complex. For the most part, it works exactly like any other Android device would. The features page explains what GrapheneOS adds/changes over AOSP. Other than that, you're getting the same thing you'd get on other phones in terms of complexity (which means, not complex at all).
Great care is taken to ensure that new features we add (like Storage Scopes and more recently Contact Scopes - features which allow you to grant granular file/contact access to apps while the apps think they have access to everything) are easy to use and intuitive, so I wouldn't call those daunting or complex. Our documentation hopefully helps too!
- GrapheneOS is a privacy and security focused project. Shipping security updates as quickly as possible is the bare minimum. Not only does GrapheneOS ship new security updates for its supported devices very fast, but it is sometimes even ahead. https://grapheneos.org/features#more-complete-patching provides some information about that; particularly:
We're able to quickly and safely ship the latest Linux kernel LTS point releases on devices with GKI (Generic Kernel Image) support including the 6th and 7th generation Pixel phones. At the time of writing on 2023-02-23, GrapheneOS is using the latest Linux 5.10 GKI LTS release (5.10.168) for 6th and 7th generation Pixel phones. The stock Pixel OS is on Linux 5.10.107 from 2022-03-19 with a small number of additional patches backported. This means GrapheneOS provides hundreds of relevant kernel patches including many security patches not yet included in the stock OS. It's possible for us to stay several months ahead due to their approach of moving to new LTS releases only in quarterly releases after a long freeze and testing process.
Furthermore, GrapheneOS' approach has always been to ensure that its patches/changes are minimal, very well coded, and highly portable. This is important because it is of utmost importance for the team to be able to port to new Android versions on time. Other alternative OSes out there bloat their OSes with a lot of frills which come to bite them when it's time to move fast, and they fall behind. GrapheneOS doesn't.
I hope that this gives you some food for thought - if you have any follow-up questions, or need anything else, please let us know.
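As an added illustration of the whitelisting approach mentioned in the post above (the idea behind the attestation compatibility guide: an app checks the hardware attestation's RootOfTrust and allowlists a specific verified boot key instead of demanding the stock OEM key), here is a small stand-alone Python example. It is not code from GrapheneOS or from the guide. It parses the Android key attestation extension (the KeyDescription structure, OID 1.3.6.1.4.1.11129.2.1.17; RootOfTrust lives under context tag [704] in the teeEnforced list) with a minimal DER reader and applies policy to it. It assumes the attestation certificate chain has already been validated to a trusted hardware attestation root, which is a separate step not shown here. The key hashes, challenge and the `build_key_description` helper that fabricates a minimal extension are constructed test data, not real OEM or GrapheneOS values, and the attestation samples it builds omit the many other fields a real extension carries.

```python
"""Added example: app-side attestation check that allowlists an alternative
OS's verified boot key. Hypothetical code, not from GrapheneOS or its guide.
Assumes the certificate chain was already validated to a trusted root; this
only decodes the KeyDescription extension and applies policy to RootOfTrust."""
import hashlib

SEQUENCE, OCTET_STRING, BOOLEAN, ENUMERATED, INTEGER = 0x30, 0x04, 0x01, 0x0A, 0x02
ROOT_OF_TRUST_TAG = b"\xbf\x85\x40"  # context-specific [704], constructed (704 = 0x85 0x40 in base-128)
VERIFIED, SELF_SIGNED = 0, 1          # verifiedBootState values from the KeyDescription schema
TRUSTED_ENVIRONMENT, STRONGBOX = 1, 2 # hardware attestationSecurityLevel values


def _der(tag, value):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        return tag + bytes([n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return tag + bytes([0x80 | len(raw)]) + raw + value


def _read_tlv(buf, pos):
    """Decode the TLV at pos -> ((class, constructed, number), value, next_pos)."""
    first = buf[pos]
    pos += 1
    number = first & 0x1F
    if number == 0x1F:                      # high tag number form (needed for [704])
        number = 0
        while True:
            b = buf[pos]
            pos += 1
            number = (number << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    length = buf[pos]
    pos += 1
    if length & 0x80:                       # long form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return (first & 0xC0, bool(first & 0x20), number), buf[pos:pos + length], pos + length


def _children(body):
    """Split a SEQUENCE body into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = _read_tlv(body, pos)
        out.append((tag, value))
    return out


def parse_root_of_trust(key_description_der):
    """Return (attestationSecurityLevel, challenge, verifiedBootKey, deviceLocked, verifiedBootState)."""
    tag, body, _ = _read_tlv(key_description_der, 0)
    if tag != (0x00, True, 16):
        raise ValueError("KeyDescription must be a SEQUENCE")
    fields = _children(body)                # version, secLevel, kmVersion, kmSecLevel, challenge, uniqueId, sw, tee
    for tag, value in _children(fields[7][1]):
        if tag == (0x80, True, 704):        # [704] EXPLICIT RootOfTrust inside teeEnforced
            _, rot_body, _ = _read_tlv(value, 0)
            items = [v for _, v in _children(rot_body)]
            return fields[1][1][0], fields[4][1], items[0], items[1] != b"\x00", items[2][0]
    raise ValueError("no RootOfTrust in teeEnforced")


def check_attestation(key_description_der, expected_challenge, allowed_boot_keys):
    """allowed_boot_keys maps hex(verifiedBootKey) -> OS label. The OEM key and an
    alternative OS's key sit side by side instead of hard-coding the OEM key."""
    level, challenge, key, locked, state = parse_root_of_trust(key_description_der)
    if level not in (TRUSTED_ENVIRONMENT, STRONGBOX):
        return False, "software-only attestation is not trustworthy"
    if challenge != expected_challenge:
        return False, "challenge mismatch (replayed attestation?)"
    if not locked:
        return False, "bootloader unlocked"
    if state not in (VERIFIED, SELF_SIGNED):
        return False, "verified boot not enforced"
    label = allowed_boot_keys.get(key.hex())
    return (True, label) if label else (False, "unknown verified boot key " + key.hex())


def build_key_description(challenge, boot_key, locked, state):
    """Constructed test data: a minimal KeyDescription carrying only RootOfTrust."""
    rot = _der(bytes([SEQUENCE]), _der(bytes([OCTET_STRING]), boot_key)
               + _der(bytes([BOOLEAN]), b"\xff" if locked else b"\x00")
               + _der(bytes([ENUMERATED]), bytes([state]))
               + _der(bytes([OCTET_STRING]), b"\x00" * 32))   # verifiedBootHash (dummy)
    tee = _der(bytes([SEQUENCE]), _der(ROOT_OF_TRUST_TAG, rot))
    return _der(bytes([SEQUENCE]), _der(bytes([INTEGER]), b"\x04")
                + _der(bytes([ENUMERATED]), bytes([TRUSTED_ENVIRONMENT]))
                + _der(bytes([INTEGER]), b"\x29")
                + _der(bytes([ENUMERATED]), bytes([TRUSTED_ENVIRONMENT]))
                + _der(bytes([OCTET_STRING]), challenge)
                + _der(bytes([OCTET_STRING]), b"")            # uniqueId
                + _der(bytes([SEQUENCE]), b"")                # softwareEnforced (empty)
                + tee)


# Constructed stand-ins for the per-device key hashes a developer would publish;
# NOT the real OEM or GrapheneOS verified boot key hashes.
STOCK_KEY = hashlib.sha256(b"example-oem-verified-boot-key").digest()
ALT_OS_KEY = hashlib.sha256(b"example-alternative-os-verified-boot-key").digest()
ALLOWLIST = {STOCK_KEY.hex(): "stock OS", ALT_OS_KEY.hex(): "alternative OS (allowlisted)"}
CHALLENGE = b"\x11" * 32  # server-issued nonce the app passed to the keystore


def demo():
    """Run the policy over accept and reject cases; returns {case: (accepted, reason)}."""
    return {
        "alt_locked": check_attestation(build_key_description(CHALLENGE, ALT_OS_KEY, True, SELF_SIGNED), CHALLENGE, ALLOWLIST),
        "stock": check_attestation(build_key_description(CHALLENGE, STOCK_KEY, True, VERIFIED), CHALLENGE, ALLOWLIST),
        "unlocked": check_attestation(build_key_description(CHALLENGE, ALT_OS_KEY, False, SELF_SIGNED), CHALLENGE, ALLOWLIST),
        "unknown_key": check_attestation(build_key_description(CHALLENGE, b"\xaa" * 32, True, SELF_SIGNED), CHALLENGE, ALLOWLIST),
        "replayed": check_attestation(build_key_description(b"\x22" * 32, ALT_OS_KEY, True, SELF_SIGNED), CHALLENGE, ALLOWLIST),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:12s} {'ACCEPT' if ok else 'REJECT'}: {why}")
```

The point of the allowlist is that a locked bootloader plus a known verified boot key is what actually tells the app it is running on a verified OS; hard-coding the OEM key (or relying on a "certified device" flag) excludes any alternative OS regardless of how it is built. In production the chain validation, the freshness of the challenge and the mapping from device model to expected key hashes all have to be handled server-side; the example keeps only the decision logic.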