I use it instead of /e/ Apps. And I have Apps set to not automatically install updates: I always do updates using F-Droid. That said, there shouldn’t be a problem updating with either, as Apps gets updates of FOSS/F-Droid apps from cleanapk.org which claims to get them from F-Droid, so you’ll be getting the same versions - it just takes a bit longer to get the through Apps. The same is true - for now at least - of App Lounge which also gets FOSS updates from cleanapk.org
I’ve used F-Droid since 2014, on standard Android, and now on /e/; in fact, it’s the only store I used on standard Android, as I had disabled all the Google apps on my device. And on /e/, I have only rarely used the included App store.
I’ve never had any problem whatsoever with F-Droid apps, and I consider their vetting/building process to be very secure.
Firstly, neither /e/OS nor any other version of Android is a secure phone OS: if you need a secure phone, then look elsewhere.
Secondly, I am very dubious about paying too much attention to stuff written by people who choose to remain anonymous, and give no indication of how qualified or otherwise they are to comment or theorise on whatever it is they are writing about. All we know about the author is what they state about themselves on their blog:
un pauvre type passionné et curieux sur plein de sujets : développement, sécurité, pharmacologie, neurosciences, les sciences en général. Fut un temps où je faisais des études médicales, et je me suis un peu perdu dans la vie, mais je sais que ma curiosité ne partira jamais.
I did spend some time reading the article, and the following points occurred to me:
1: The author quotes and links to a paper (all of whose authors appear to work for Google) which says (my emphasis)
Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats.
Yet shortly after that the author states (again, my emphasis)
These analyses do not account for threat models and personal preferences. As the author of this article, I’m only interested in facts and not ideologies.
A “threat model” is not an “ideology”, and attempting to discuss security without mentioning what threat models you are attempting to secure against is (in my opinion) meaningless.
2: The author also states that
A lot of information in this article is sourced from official and trusted sources, but you’re welcome to do your own research.
Yet apart from the paper linked above, the author does not state what those sources are. It would be easier to do our own research if the author had provided references or links to those “official and trusted sources”, or even just listed them.
Finally, the paper seems to suggest (and I am paraphrasing) that installing closed source apps from Google’s Play store is more secure (against the threat models that the author refuses to account for) than installing open source apps from F-Droid: apps built and signed either by the developer or by F-Droid from a supplied source tarball. Such a conclusion is - in my opinion, which you did ask for - laughable, and makes me think that I have already wasted too much of my time reading, thinking, and now writing about the contents of the article.
Feel free to draw your own conclusions, but I have already spent too long engaging with someone who is wrong on the internet, and I’m not going to get sucked into spending any more time on it.