Sorry to sound like an ad, but I'd hate myself if I didn't take the opportunity to mention Accrescent, which is a big leap forward from an end-user security perspective vs F-Droid: https://accrescent.app/

Of course, if Google succeeds in their mission to kill AOSP, kill unsigned APK installation (even for power users) and force all developers to submit photo ID, this is kind of moot.

The mobile FOSS community would benefit from accelerating transition away from Android to alternatives, even as incomplete and insecure as they are at the moment. The upstream maintainer of the OS itself is an entity that is hostile to the ownership rights end users have over their own devices, has been doing a ton of engineering work on "DRM" (to "manage" aka remove YOUR rights), has shown warning signs of abandoning the open source nature of AOSP itself, and has generally signaled extensive hostility towards their own end users, on an ongoing basis, across more or less all of their product lines. Alphabet/Google has been very clear about telegraphing how much they hate your freedom and how hard they're working to alleviate you from the burdensome weight of being able to decide what runs on your own hardware that you purchased.

I say this as a disappointed and worried GrapheneOS user. You can rip Google out of Android. Ripping AOSP out of Android is a much more complicated and much less realistic task, though. I'm not advocating for everyone moving their entire PROD workflow off of Android and onto a Linux smartphone today, but we shouldn't be burying our heads in the sand to the long-term risks that Alphabet itself poses to the availability, auditability, trustworthiness, and usefulness of AOSP.