With GrapheneOS, you have the option of disabling the updater app from the owner profile. Furthermore, you can disable GrapheneOS default app updates from the app store. Then you can sideload ALL updates yourself. Any malicious update, regardless of how it was done, would require the GOS signing key, so the scenario you are envisioning is highly unlikely.