Hi @gaufffke, welcome to the forum!
gaufffke I haven't even used any sandboxing mechanism.
You did for sure and that's great! Every app on Android and GrapheneOS is sandboxed :)
What you probably meant is that you haven't downloaded Google Play services from the App Store. On GOS these work just like regular user installed apps. They're called sandboxed simply because that's not the case on operating systems that license (come preinstalled with) Google Mobile Services (GMS).
As for your question, the easiest way would indeed be to set up a separate account used exclusively for downloading and paying for apps inside the play store. That comes with some, although greatly limited, caveats. Those come to my mind at the moment:
- You end up giving some information to Google but it is still extremely limited compared to stock OS. (A few to mention: list of installed apps, data you have provided to sign up, your network country code)
- It might be tricky to pay without revealing additional info about you - gift cards could demand e.g. a phone number just to be redemeed or cause other problems.
The most clean way to purchase an app if the publisher doesn't provide regular online purchase from their website, is to contact the developer/publisher directly (probably via e-mail) and ask if their app could be purchased outside of big tech ecosystem.
Doing this might seem futile, especially with certain publishers, but if you care enough to think about this, you probably should contact them regardless. It's kind of like voting, let them know both sides should have a choice!