I use obtainium for my password manager and a few other apps, i also use f-droid for other apps. The way i understood it, is that f droid uses their own keys for signing apps, different from the source of those apps. But i may be mistaken on that. Also, i use graphene os, even though i believe burritos uninstalled it due to personal issues with the origonal copperhead creator. It still is, imo, the most secure os