Using google apps strategy

bobster89

I just ordered a pixel phone to put GrapheneOs on and I have 2 ideas each of which is a way I can utilize google apps in the most fortified setting.

use a google specific profile. use a VPN on that profile. It's sandboxed from other profiles. I realize the VPN isn't gonna stop Google from identifying me seeing how I'm logged into google accounts or whatever, but it's just another layer of security on top of VM environment of profile.
don't put google on phone whatsoever and have my old secondary phone (samsung) on and tether to it.
This might allow for things like android auto on samsung via GrapeneOS internet connection, but it also might create link between the phones in some way.
I've seen links about tethering in semi hostile environments so maybe I can usb tether the devices assuming that's a secure idea.

I'd love to hear thoughts on these approaches and potentially better ideas. I do have some android apps I want to have access to, but trying to find the best path forward.

[deleted]

If I were you, I would use a Google specific profile as I would be benefiting from all the security and privacy features of GrapheneOS and sandboxed Google Play, which do not exist on your other Samsung phone.

bobster89

Ok fair point

[deleted]

bobster89 If you find different user profiles to be inconvenient, you can install Sandboxed Google Play into the owner profile as they are still sandboxed either way. Don't do this if you aren't fine with running Play services 24/7. With user profiles, that isn't a concern as you can end the session, stopping play services from running until you open the profile again.