It’s important to note that someone doesn’t need to login to Google Play for sandboxed Google Play to work. It’s required if they want to use the Play Store, though that’s optional. You also don’t have to use your main Google account to sign in, but can make a throwaway purpose-specific one. Hell, because sandboxed Google Play works just like any other app, you can have multiple instances of it across profiles (of which you can have over 30 on GrapheneOS) each logged in with a different Google account, or not at all. I also don’t agree about it “centralizing” the data collection process. As mentioned in my previous post, not only do apps use Google libraries with the same amount of access, but the ones relevant to this don’t require sandboxed Google Play (think analytics, ads SDK, etc.). Doing away with sandboxed Google Play while using apps that freely use Google libraries is the wrong approach. A better approach is deciding what data you want to trust an app with, and only granting them access to that. GrapheneOS has features like storage and contact scopes, the sensor permission etc. to help reduce that to a minimum, with more similar features coming in the future.
microG is running in the background too, and it does communicate with Google services, which makes sense of course, cause how else would it be able to provide FCM functionality etc. On GrapheneOS, you can end the session of any user profile you want so that profile isn’t running at all. You can choose when a profile runs. You can also disable all user-installed apps so that they’re not running. The choice is up to the user.
I’m happy to be corrected here, but while DivestOS does provide sandboxed microG (which to be fair still requires doing stuff like signature spoofing), it isn’t able to provide the same functionality as “full-fat” microG. I might be wrong on this point, though.