SergeJean
I default to the GOS devs stance on Aurora store being no bueno. Making a dedicated Google Play account for your device has gotten easier. Use a public open WiFi for example, and set up your own 2FA in the account to avoid a random request for phone authentication. You can search other methods if you need, I believe through YouTube may still skip phone number requirements? I have had a couple GOS devices over the years and each have their own Play account, only used for apps on that device and nothing else.
So if you're wanting apps that are available on Google Play, I'd say use a proper burner account rather than Aurora. If you want to see the discussion about why Aurora store is not recommend, just search the forum.
GOS also has Accrescent as an app store that has App Verifier. You can use this to verify APK downloads for authenticity. Password managers like Bitwarden or KeePass have APKs on their website/github repo, magic earth will email you an APK if you ask their devs. You can verify these with App Verifier and be confident you have a safe app - if you want to avoid Google, that is. Your call.
Just keep in mind you may have to follow the git repo to find out when an update is released. I do this with an RSS feed for any APKs I have used in past.