Hey! This is a topic that has been discussed numerous times before - you can likely find other instances of it being discussed if you look for it on here.
That said, apps in the same profile can communicate with each other with mutual consent. Mutual consent means that both apps have to agree to be able to share data. If one party (one app) is unwilling, another app can't just take another app's data. All apps are sandboxed and their app data is isolated.
This is in no way specific to Google apps, it's something that apps can do in general. IPC is not some evil thing, you probably see it in practice when using your phone every day, and you don't even realize it.
If you don't want two apps to be able to communicate with each other in this manner, even if they mutually consent, you can put them in different profiles, which would prevent them from being able to see or communicate with each other.
Furthermore, GrapheneOS will likely have a feature in the future that will allow you to prevent app communication in the same profile as you choose. You can see a proof of concept of this here:
https://twitter.com/GrapheneOS/status/1636042398043086850
The feature is in the research phase, because the project wants it to provide meaningful benefits, and not a false sense of security, so there are multiple things that this feature would have to adjust for it to provide a tangible benefit and actually do what it says on the tin. There is no ETA for when this feature will be added.
I hope that helps!