I think GrapheneOS does things completely differently, with actual Google Play Services in a sandbox, and doesn't need signature spoofing.