Planning to buy a sim and availing sim registration services so I don’t use my real info for registration. Planning to use this sim on my upcoming Pixel 9 that will be installed with GOS. If I only use this sim for data and my threat model does not necessitate being invisible to network operators, can it be used to connect my work accounts like gmail and facebook that lives on a private space to my personal accounts like my tuta and signal on the main profile to each other? I just want accounts on each profile to be separate and not be known as owned by the same person.
Clarifying question: is a VPN (or alternative) part of your equation?
yeah. planning to use the free version of ProtonVPN. I am open to suggestions on other providers but I will still proceed with Proton because I can’t afford to have extra expenses atm with all the stuff happening these days.
In that case, based on my limited knowledge, I don’t see any glaring risks. But hopefully others will chime in and confirm or point out flaws in my thinking.
As far as I understand, your IMEI (device identifier), and your IMSI (SIM identifier), are protected from and not visible to non-system apps on your device.
So anything you install in your work profile or your personal profile should not be able to use those identifiers to correlate your browsing.
Why I asked about a VPN
It seems that it’d be at least theoretically plausible, and not prohibitevely difficult, for a service to correlate your work and personal accounts over time. By (for example) identifying patterns such as two accounts tending to almost always connect from the same mobile provider assigned IP address around the same time as eachother.
It seems to me that that pattern could be used to infer that these accounts are likely associated with the same user. I have no idea if methods like this would be used in the wild, or how accurate they can be. And regardless, it seems it could be mostly mitigated if you use a VPN or some other method of preventing remote servers from seeing your true ISP, and even more so if you use a separate VPN connection per GrapheneOS profile.
TL;DR I don’t personally see an obvious way that sharing a data plan between work and personal accounts would lead to correlation assuming you use a VPN. But I also think you should wait on a 2nd and 3rd opinion and consult the GrapheneOS docs, as my knowledge of cell networks is limited.
thanks for your thoughts. I guess it really is hard to get the perfect setup for your personal privacy journey on the first try. hoping someone more knowledgeable chimes in as I don’t want to make a mistake that is unsalvageable or costs my wallet more just to course correct.
From my understanding you cannot technically prevent this from the app side. From the network provider side I would guess @xe3 has already covered it quite well. Though I might add that I don’t think there is a leak-proof proxy interface implementation on any consumer OSes, so I would treat it as strong separation rather than a technical guarantee.
then since there is no absolute certainty, do you think I should proceed with my planned setup? or any tips/changes? my plan B was to just use my LG V30 which I turned to a DAP for hotspot but the negatives are quite glaring with it having what I think is a weaker modem and if I lose/forget it at home then I am kinda screwed.
I think your question depends most on what apps you plan on using in your personal profile. On GrapheneOS (GOS) and on all Android distributions for that matter, apps can attempt to identify whether they are running on the same device but on different profiles through various non-hardware identifier, such as performance measurements, time zone, locale info, OS version, free storage, battery API, and other publicly available info that all apps can access. But all that hinges on the apps doing so together on both profiles. Those data points are far less valuable if they’re only from a singe profile (your private space, in this case); you’d blend in with other local users much more. If your main profile only has trustworthy & privacy-respecting apps that won’t share such info with advertisers or other data aggregators, then there’s not much risk on being exposed on the technical side. You’ll have to make the call of trust on what apps are trustworthy by yourself.
I personally see that the risk of being exposed/connected comes much more from the apps themselves; they’ll still collect all the data they usually do & will try to profile you just the same as on any stock Android distribution. GOS can’t affect what data apps collect inside of themselves. It doesn’t matter if you’ve properly isolated your main profile & your Private space if you reveal the connection between your private & work life inside the apps themselves accidentally or otherwise. I’d suggest focusing your attention there.
Regarding the VPN, the main profile (Owner in this case) and the Private space have separate VPN slots; your main profile VPN can’t/won’t touch network traffic originating from the Private space, and vice versa. The free tier of Proton VPN allows only for 1 device/connection at a time, so you’ll either have to get another VPN for your Private space or create another separate Proton account. And no, there is no technical workaround for routing the Private space internet traffic through the main profile VPN connection.
Another technical aspect that you should be aware of is the Phone permission. Giving an app the Phone permission allows that app to see your current phone number, so be careful which apps you give that permission to. Also, any apps that you designate as the default SMS app will gain access to your IMEI & IMSI. This is not an issue by default as the base app is the AOSP SMS app that doesn’t send any data anywhere. But if you plan on using another SMS app (such as Google Messages for RCS), this will be an issue.
In regards to using your LG V30 as a secondary device, I wouldn’t recommend it at all. It has Google Mobile Services (GMS) installed by default & running unrestricted. It’d be collecting much, much more data on you compared to running GMS sandboxed inside your Private space on your GOS phone; you’d be giving Google (and any other data aggregators they might sell that data to) many more data points to try & correlate your personal & work lives.
I’d say you’re definitely on the right track, separating your private & work lives into the main profile & Private space. I use that setup myself. Here’s my two cents since you asked for tips. If at all possible, try to keep your main profile as Google free as possible. Sure, GOS sandboxes GMS by default & limits the data they can access, but the less data they can get the better. I don’t know your apps, so I don’t know how feasible it’ll be for you, but I’d recommend at least trying it. But if it turns out not to be possible or pragmatic & you simply have to install GMS on your main profile, it’s not the end of the world.
If you have any more technical questions, ask away. I’d also recommend checking out the GrapheneOS forum. And of course, welcome to the world of GOS. I hope you’ll enjoy your stay. 
I am not a native English speaker. I speak for myself, my opinions & statements are my own, and I am not a part of the GrapheneOS project or team, nor do I represent them.
Wow thanks for the detailed write-up. I am trying to go for a very minimalist approach and if Proton only works on one instance and I think it’s abuse to use 2, then I would only be using it on my main profile as my work profile will literally only contain google’s suite and facebook and I don’t mind getting tracked on what I do with my work accounts.
I guess it’s my call then if what apps are trusted for my main profile but I for sure won’t be using any google stuff in it as I plan to just use foss apps . SMS also won’t be an issue as I have a separate dumb phone for texts and calls.
Thanks again for the help because my OCD forces my brain to be perfect else it feels like all is for naught. I also know it probably won’t be perfect on the 1st try but at least I think I am regaining what I would probably lose if I don’t do this setup.
Buy an anonymous eSIM. Everything depends for what you are using and how you are using the GOS + SIM(eSIM).
is eSIM better than a physical one? I don’t think there are any anonymous eSIMs in my country but I think an anonymous SIM here can be converted to an eSIM through their app.