I think they are using Google verified OS detection.
"Your device is not safe, you have an app installed that can monitor other apps. This may not be installed by you but in your system, for example on Huawei/Xiaomi/Honor."
Of course I will write them a mail how secure GrapheneOS is.
Exploit mitigation disabling didnt solve it, sandboxed Play Services with internet access are installed, the app runs in a work profile with Aurorastore and Heliboard installed.
Not using a VPN, tried to clear app data after weakening protections, didnt help.