So I bit the bullet and got a used google pixel 7a. I've installed graphene, that went okay with some minor glitches (turn Brave shields off!) but ultimately it worked.
I have some probably pretty basic questions if anyone has some time:
If I install, say, gmail or google maps on this phone, have I ruined privacy?
Is it possible to have multiple "private" profiles? For instance,
  • one main profile,
  • one profile that's like a LitePhone - just has telephone calls, contacts, and sms (suitable for having a phone for calls, while also doing a "digital detox"), and then
  • another profile that would be like a "guest" profile, so I could give the phone to a friend, they could login, but the friend wouldn't have access to any of my apps, and I wouldn't have access to any of theirs.
Yes that is all possible. All accessible via different PIN codes. Read that some people have their ‘Kids’ profile setup with hardened permissions (not for their 3 year old but rather their own finance fun money stuff).
There are many different write-ups on Stacker News, but this is a great intro #200175. As are these entries:

GrapheneOS

Final tip

Just make sure you grab Obtanium via https://github.com/ImranR98/Obtainium to download apps and avoid Google Play if you can avoid it (even with some privacy improvements there).
reply
If I install, say, gmail or google maps on this phone, have I ruined privacy?
There are degrees of privacy.
With GrapheneOS you have the option to not give big tech your data, but of course you can opt-in to do so installing Gmail or other Google/Meta/etc apps.
Note that you can read and send emails from your gmail account using a much more private email client, such as FairEmail or K-9 Email
You can also get map directions using other apps such as Organic Maps, Magic Earth, etc.
Is it possible to have multiple "private" profiles? For instance,
Yes, you can have multiple profiles, including a guest one:
GrapheneOS raises the limit on the number of secondary user profiles to 32 (31 + guest) instead of only 4 (3 + guest) to make this feature much more flexible.
Each one of these profiles is unique, private, and independent of each other. For example you can have a special profile with sandboxed Google Play installed while your main profile doesn't have it.
User profiles each have their own unique, randomly generated disk encryption key and their own unique key encryption key is used to encrypt it. The owner profile is special and is used to store sensitive system-wide operating system data. This is why the owner profile needs to be logged in after a reboot before other user profiles can be used. The owner profile does not have access to the data in other profiles.
For further information, the GrapheneOS discussion board is excellent, as well as the official site
reply
Yes you can do that. My whole point was trying to get away from google products as much as possible, but they are "sandboxed" , whatever that means technically, which I believe prevents them from interacting with other apps on the phone. The profiles will give you additional separation. I don't use any google apps. Of course I'm a hypocrite by buying a Google phone to begin with!
reply
Thanks, so if I have Gmail installed in a profile, it's more private even without needing to have a separate profile?
What do you think is the best beginner doc? Months ago I thought I saw a section on https://grapheneos.org/, something like "beginners start here". I should have actually bookmarked that instead of just mentally bookmarking it, because I can't find anything like that now...
reply
I like this site if I have questions: https://discuss.grapheneos.org/
reply
@nullama is more qualified than me to give you a definitive answer, but I think so.
reply
Were you a previous iPhone user?
reply
nope, android.
reply
#Use the Pins.
reply
Could you explain please?
reply
Not much but yes I have come to know that graphene OS allows you to hide your identity by using four digit pins to encrypt your apps.
reply