I’ve noticed a couple of interesting things when mixing AP with the Work profile.
I use Shelter to have a second (Work) profile (mostly so that I can run two instances of Signal simultaneously on the one dual-SIM phone, one for each number).
I noticed that even though my IP address was masked in the Main profile by ProtonVPN, it was not similarly masked in the Work profile, and was revealed there when I checked what the Work profile instance of AP was doing. Setting the Work profile instance of AP to Hide my real IP address and asking that My internet activity must appear from: Australia did not in fact work. Instead, it appeared to be from wherever the Tor exit node was (since the masking uses Tor).
I got around this by cloning the ProtonVPN app from Main into the Work profile and having that cloned instance also running. It too now chooses Australia, so I have two instances of the ProtonVPN notification dot in the Status Bar under normal operations. This now reassures me that both Main and Work profiles have masked IP addresses (even though AP says otherwise since it does not yet recognise that a suitable VPN will automatically mask the IP – probably a future addition).
One amusing thing: when I set the Hide my real IP address setting, and then turned on ProtonVPN, since it was looking for the Fastest connection (default setting), it connected to Nigeria! For a brief moment, I was a Nigerian Prince … 
There may be some implications here for what is going on above. There are two separate instances of AP in operation, one for each of the two profiles, Main and Work, which latter includes the usual suspects of Contacts, Files, and any other apps cloned to Work from Main, not to mention the System apps that are not shown by default unless you choose to Show All Apps in the Shelter settings.
So, there is a bit of complexity to navigate in order to set up both profiles to be comparably hardened for privacy. I was caught out by assuming that the VPN on Main would also be routing traffic from Work. Nope. That was fully exposed, which I didn’t realise until I checked the Work AP instance (by doing an https://whatismyip.com test from within the browser in the Work profile). So, a tip for new players at this.
Now, I’d like to figure out how to use one SIM for data in Main/Personal, and the other SIM’s data in the Work profile, since that second number is a work number…
Any ideas?