I use Shelter to setup a work profile next to my owner profile for the convenience. I installed the sandboxed Google Play Services in the work profile for some apps that depend on it.
The initial issue is, that apps in the owner profile seem to be able to detect that the Play Services are installed, but obviously can't access them. I'm not sure why apps in the main profile space can detect what is installed in the work profile app space in the first place, but this behaviour leads to the main issue:
Some apps in the owner profile, when installed after the Play Services were installed in the work profile, are designed to use GCM/FCM if available and only fallback to alternative methods for push messages like polling if Play Services aren't present.
A subset of these apps refuse to fallback, since Play Services were detected, despite it not being usable in the owner profile and can't seem to be manually configured to force a fallback. This unfortunate combination of factors prevents those apps from providing push messages at all. A prominent example would be the official ProtonMail Client.
Now there obviously are a number of potential workarounds to counteract this, e.g:
- Temporarily remove sandboxed Play Services from work profile, reinstall affected apps in owner profile, reinstall sandboxed Play Services in work profile
- Utilize another user profile instead of a work profile
Neither of these approaches seem to be practical to me. The first one may have the potential to break existing apps in the work profile depending on Play services, though I haven't tested this, and the second one simply isn't all that convenient.
I'm quite sure this is an architectural limitation of the Android implementation of work profiles, but I'm asking for help/sugggestions on the off chance that this behaviour can be mitigated.