(no title)

GrapheneOS strongly recommends against F-Droid because it has major security deficiencies and adds an unnecessary middleman. Our recommendation is using developer builds of apps. F-Droid doesn't review the code for app updates but rather automatically fetches and builds it. They make questionable downstream changes introducing security vulnerabilities. The Accrescent app store provides developer builds of apps signed by the developers for everything included which can be verified. Play Store provides developer builds but only a subset of older apps are still signed by developers since they phased it out and heavily recommend switching to Play Signing.

Aurora Store is not recommended by GrapheneOS in general. Our recommendation is to use the sandboxed Play Store for installing apps when using sandboxed Google Play in a profile. We recommend only using Aurora Store for bypassing restrictions set by app developers on where their apps can be installed. That's what was said above. It would be better if the Play Store didn't do this.

Contrary to what you're saying, Android apps do not include Google Play libraries by default. They're only included if developers explicitly go out of the way to include them in order to use Google service APIs. Android SDK, etc. is open source as part of AOSP and both the OS and AndroidX libraries are open source too. The proprietary Play libraries are clearly marked as such via being in the GMS namespace.