" ...It's true open source apps can be modified before building them. If you're worried about that, you can build them... "
Sigh.... been there, done that (on other platforms); I'm getting too old
"...Apps can't just modify themselves while running like that..."
Well, I was thinking about the use of DLLs (.dll) to temporarily bring in the function at execution time from over the net - not modifying/updating the app itself. This is what I would do - it would allow Google to bring in "the latest and greatest" metrics even to last month's apps. Of course if this is used, it also presents the possibility for someone to modify the DLL modules with nastyware, TLA-ware, etc.
"...My guess is if they detect this kind of thing, they'd just not update the app or they'd remove it from their repository..."
Sigh..... you're probably right. Which for me means using an absolute minimum number of non-GrapheneOS apps, and then only from careful, trustworthy developers. Pray for a well-supported GrapheneOS application "store" that uses hardened compilers and no outside DLLs.
Thanks for your responses here and elsewhere!!