I've been using GrapheneOS for about 6 months now and really love it with the exception of one big thing: notifications.
Almost none of my apps (with the exception of Signal and K9-Mail, which run constantly in the background, consuming battery) can consistently serve me notifications. I assumed this was because I did not install sandboxed Google Play Services. Finally, I broke down and installed it, making sure to turn off network access. I felt like this was an acceptable compromise as I seriously needed notifications from my email, banking, and messaging apps.
I was surprised to find that notifications still did not work. While I understand that for feature-completeness, Google Play Services would need network access (for maps, payments, etc.), I cannot imagine why a local notification service would need this. I imagine this is simply an example of the intentionally poor development practices that big tech uses to couple services, pressuring the user to accept their privacy terms to use even the most basic features.
For me, disabling network access for a notification service is non-negotiable. I have no reason to trust that any service handling my notifications will not read and store them on a remote server. The only solution I feel comfortable with is one in which the service cannot access the internet.
My question is if anyone in the GrapheneOS community has figured out a way to get notifications from all apps without allowing network access to the service in question. The main services that I have heard about are sandboxed Google Play Services, microG, and UnifiedPush, but I have never found any conversation on the forums or issue-trackers about disabling network access for these services.