There are government apps I need to install on my phone. I heard that GrapheneOS is ideal for that: since GrapheneOS user profiles are reliably isolated from each other, I can install all the government apps in a separate user profile, so those apps cannot communicate with or snoop on my other apps.
But if I don’t use GrapheneOS, what can those apps do on my regular Android phones?
What data can an app collect from a phone running regular Android vs GrapheneOS? What’s the difference?
You don’t need GrapheneOS to contain your (user-installed) apps or block them from accessing sensitive identifiers. A modern stock Android device or an iPhone gets you 95% of the way. The differences between GrapheneOS and AOSP, on which different Android flavors are based, are listed here. If these resonate with you, GrapheneOS is worth considering.
However, if you are simply worried about downloaded apps not having a free-for-all, an up-to-date stock Android device is more than enough, though GrapheneOS goes even further in containing what apps can access. This is to say nothing of Google Play services themselves, which are optional and run as standard, sandboxed apps, contrary to stock Android where Google Play starts out with all the runtime permissions granted.
You also don’t need profiles on GrapheneOS or stock Android. It’s better to start out without them.
After using GrapheneOS, anything else just feels incredibly invasive and anti-user. It’s a great rabbit hole to get into, but don’t let anyone mislead you into thinking you need it.