sharedUserId makes the app share its Linux UID (and therefore private data and permissions) with other same-signer apps. It is deprecated and a lateral-movement risk.
sharedUserId merges your app's Linux UID with any app signed by the same key that declares the same value. One compromised or careless app in the set reads every other app's private storage.
Your app's sandbox is only as strong as the weakest app sharing the UID; the mechanism is deprecated for exactly this reason.