Hello,
Recently, I bought a new phone and immediately flashed GrapheneOS onto it.
In order to install my apps, such as Signal, Aegis, Syncthing, etc., I figured the most secure and efficient way is through Google Play services, installed in my 'Owner' profile. That's especially the matter with Signal, where the package on their website is usually outdated, as opposed to the upstream Google Play one.
I decided to make a semi-anonymous Google account on the phone providing a SimpleLogin email alias, while using Mullvad.
I acknowledged the security implications of using Google Play services, according to the official website at grapheneos.org, but I'm still uneasy. Do I grant Google access to my apps this way? Is a Google daemon always running as a background process? Would you overall consider this setup safe and would you use it? I also tried sourcing most of my apps using an RSS reader. Does that still have its use case?