Awesome! Thank you :) My threat model allows for using GPS (Google Play Services). I try to avoid getting apps from Google Play whenever possible, but I have some apps I pay for that are not open source, not available anywhere else, and I want them connected to my GP account.

You can set up an anonymous Google account if necessary, or choose to not use it at all. Graphene has some cool things like the ability to deny network access (for keeping Gboard from calling home for example), storage scopes, sandboxing etc, etc., so personally I'm okay with it. However, it is threat model dependent.