I have seen in a few places that fDroid and Aurora are not always the most trustworthy, so use Google Play. Since my interest in privacy eclipses my technical abilities, I don't think I can reliably judge what is a risky download or not. Google Play is the devil I know.
If apps are installed by Google Play, don't they have to live in the sandbox with it? I may be misunderstanding how the sandbox works, but I'm guessing if everything is playing in the same area as Google Play, doesn't Google then have access to the apps you download with Play?
FWIW, because I'm paranoid about this, I have very few apps on my current Android, so there isn't too much I would need to figure out how to use or replace.