Can someone repost this on GitHub for me?

Sorry to post this here (couldn't really think of anywhere else) but I posted this on the os-issue-tracker, but it doesn't show up when I'm signed out. I think I might've been shadowbanned because I signed up with Tor. Mods feel free to delete this post after it's done.

Title: Provide native support for full-disk encryption on external storage #2346

Sometimes, the storage provided on a mobile device isn't enough. The needs of some users can sometimes far exceed 256GB (think, very large database leaks to investigative journalists, data hoarders, etc.).

One option that users currently have is to use cloud storage. The security/privacy or accessibility of this, however, comes with assumptions that not every user may be able to rely on. Security/privacy-wise, it varies a lot. The provider could be scanning every file the user uploads to the service, and while Cryptomator can be used to mitigate this, it is paid on Android. Poverty or concerns about not having payments linked to a user's identity could prevent a user from using it. Accessibility-wise, the obvious downside is that it requires the user to be connected to the Internet at all times to be able to access potentially critical data.

Another option is to format a USB flash drive, external hard drive, or other block device for use with the mobile device. This too comes with its own disadvantage - all files copied to this device are (by default) completely unencrypted, which means that anyone who gains physical access to it can read everything on it. Again, there are 3rd-party options to mitigate this that already exist, but they come with their own flaws. Cryptomator is paid and EDS Lite has been unmaintained for a few years, which could mean it has unpatched security vulnerabilities.

Providing native support for full-disk encryption for external storage on GrapheneOS, I believe, would be the best of all worlds. It would have none of the pitfalls of the solutions I mentioned above, and it wouldn't require trusting any parties that aren't already trusted.

    A temporary fix for you with regard to file uploads to the cloud is that you can encrypt your files before uploading them to the cloud with a 4096 PGP key with a strong passphrase or password, and your files are ironclad safe for free.

    7 days later

    concrete I recently spoke to the dev of EDS; he is rebuilding the app, I believe from the ground up, but no hint of when it will be released. Also, EDS Lite is open source; you can check it yourself for holes.