Define confidential. I don’t think that is an applicable or even correct term here.
This reads like you want to continue the current general discussion. I do not, and i hope that’s what you really meant to say.
SFOS is “fundamentally uninterested in your data”.
This is all the privacy respecting one needs.
Supplementing this it has regular bog-standard permission handling for things like contacts, passwords and whatnot.
As for active measures, there is basically only one to my knowledge - it runs native apps in firejail to do whitelist permissions rather than blacklist permissions. So lots of things that apps don’t need to be accessing is plain just not there for them.
The Android runtime is in a container, so anything going on there can’t break out into the real OS.
It has VPN support too of course, but that’s just a tool like any other - contrary to popular marketing they are not magic cloaking devices.
Security is not a feature, it’s designed in. Not to be confused with buzzword over-hyped countermeasures.