Not the OP, but there was a time about a year ago (can’t remember if it was pre- or post- Daniel leaving the team lead role) where graphene was very vocal about how they felt that the Google play store security model was superior to that of F-Droid and Aurora. They poured massive amounts of development in to making it possible to use the play store directly in the OS through the sandboxed plag services. They expressed very clearly that they felt the only safe places to get apps was either directly from the developer or through the play store.
Graphene hasn’t been as vocal about this kind of stuff since Daniel stepped out of the limelight, and I did a quick search for the old twitter posts that covered the topic but couldn’t connect to them on twitter. That could just be because I don’t have a Twitter account and Elon is jacking up Twitter access these days.
Not the OP, but I believe they’re talking about the upgrade from 128 bit AES to 256 bit AES. It created some compatibility issues between clients for a few days as the ones that weren’t updated yet couldn’t decrypt the newer 256 AES encrypted notes. That was my experience anyways. It’s a great app/server from my personal experience.