[akc3n]

Might want to check out GrapheneOS's latest developments regarding it's Sandboxed Play Services https://grapheneos.org/usage#sandboxed-play-services

GrapheneOS has support for installing the official releases of com.android.vending (Google Play Store), com.google.android.gms (Google Play services), com.google.android.gsf (Google Services Framework) as regular sandboxed apps in a specific profile. These receive no special privileges and the OS itself doesn't use them for anything. They run as unprivileged, sandboxed apps like any others. GrapheneOS simply provides fallback code teaching them how to run without any of the special privileged permissions and SELinux policy they depend on having. Even within the same profile, apps not explicitly choosing to use Google services won't use them because the OS doesn't integrate support for it or use it as the backend for APIs in the OS like the stock OS.

Also, this was tweeted recently explaining the up and coming improvements, how they were made and an insightful look at how the sandboxed play services compatibility layer works.

https://twitter.com/GrapheneOS/status/1430362107875401732