Using GrapheneOS, my main profile has a handful of apps from PlayStore(Aurora): 1password, ProtonVPN, ProtonMail, etc.
I think I read somewhere that, for an app to appear in PlayStore, it must be compiled with linked libraries that implement check-ins with Google infrastructure… or something like that.
Obviously I’d expect apps like 1password and Proton to be “less evil,” but am curious whether everything from playstore leaks telemetry, or if it’s just “up to the developer”.
(in my case, I don’t have Google services or apps in the main profile at all)
FWIW, you can install the entire proton suite with Obtainium. For whatever reason though, 1password exclusively distributes through the Google play store, but AFAIK that doesn’t make the app itself any less private.
Why not just use Proton Pass?
Because you should have your email, password manager, and authenticator be 3 different services. Otherwise there is 1 point of failure.