It's not really like having multiple phones. User profiles are a useful features, also for privacy, but they are not a privacy or security silver bullet. Within any given user profile, apps are sandboxes. An app can't peak into the contents or internal data of another app and can't access things it isn't given access to per the permissions. Despite not being able to peek into other apps, apps can use IPC to communicate with other apps bases on MUTUAL consent.

User profiles (secondary profiles, private space) don't enhance this sandboxing. The apps already were sandboxed. What they do, though, is aid in isolation in a number of ways. The allow the use of a seperate VPN slot which can help split up identities, they restrict the IPC to communication with apps within that profile (not other profiles), they have separate clipboard, user data and non-global settings, they have distinct encryption keys and can be put at rest on demand without rebooting the phone (not possible for Owner profile).

I understand that you have a concern, but may I ask what you mena specifically by "trust", and how would profiles help? Is it about accessing phone data or something else? As far as fingerprinting goes, I don't think profiles matter -- they already know who you are and can associate you with data from other sources.

What about settings, though? Don't you have to set up each user profile separately?

Also, what if you ever want to share a file across user profiles?

Sharing files requires a bit of creativity.

You can share with file synchronisation apps like Syncthing/Ouisync [0], exploit a temporary weakness in the isolation model with Inter Profile Sharing [1], or simply copy the files over to an external storage device and transfer them that way.

[0]https://github.com/Catfriend1/syncthing-android

[0]https://github.com/equalitie/ouisync

[1]https://github.com/VentralDigital/InterProfileSharing

I've successfully used Material Files [1] to set a nework shared folder (I think it was FTP) on one Android profile, and accessing it ("connecting" to it) from the other. So this might also work between GrapheneOS profiles.

[1]: https://f-droid.org/packages/me.zhanghai.android.files/

See: https://github.com/VentralDigital/InterProfileSharing

It also shows that profiles can't really prevent an app from correlating profiles on the same device, by listening on a local socket.

If you disallow Network permission to an app (a GrapheneOS feature), local network access is also disabled.

You can use Seedvault to make and restore a backup. Set up a secondary user profile with settings only (no apps yet), make a backup and use that in future for initializing other profiles.

There are apps like Inter Profile sharing (appID: digital.ventral.ips).