It is not controllable at all: It still enforces any app author's will against the user's. Root is not offered, and the grapheneos maintainer seems to be personally offended by the thought that root could be helpful.
What I mean: I cannot see the app's files, I cannot edit them, I cannot backup the app locally, only by uploading data unencrypted to googles cloud. Adb backup was unreliable in the past, could be switched off by the app against my will, an is deprecated anyway. I cannot screenshot an app if the app doesn't want me to. I cannot block ads properly, only via some fake VPN app, but then I cannot use an actual VPN at the same time. I cannot firewall an app, except with a hack using another fake VPN app. I cannot disable an app into background. I cannot give a fake GPS to an app.
I cannot have f-droid auto-update my apps. All of these things I should be able to do, but the anti-user "security" enforces this against me, actually hurting my security in order to make googles and shady app vendor's business models possible. And then they claim it's for my own good.
A lot of the "root is bad mkay" is fueled by this more or less hidden agenda. That it helps to idiot-proof devices is a nice side effect only. Historical proof of this hypothesis is: When TCPA was first introduced it was explicitly made for DRM. People fought it a lot, so today they are introducing it disguised as security measure.
