How is it intrusive? Given charitable assumptions like granular permissions, silod app data only extracted through intents, and using only local compute?

I'm all for questioning Google on whether those assumptions will be true and no data leaves your phone, but I'm curious about the concept.