Android need an AV, not only because the apps, when yo use also the mobile to surf internet, which is a risk for every OS without protection, especially now with the war, which is also waged online and where all kinds of malware have increased dramatically. Well, GPS, it’s a difference if a webpage or app knows your country with your públic IP, or it knows your exact localisation because your GPS when it isn’t needed to work. I know that F-Droid isn’t the Panacea, but it is way better and more secure than Play Store, also GitHub has it’s flaws, first it isn`t a FOSS repository and second it’s proprietary of M$. Apart the F-Droid app can update the apps, in these from Github you must controll and do it yourself. Anyway, as I said in the first point, a smartphone never will be a safe dispositive and never is advisable to have sensitive data in it, its irrelevant if it is Android, iOS or Linux. see the cases of the supposedly safe smartphones of presidents and politicians hacked and infected with spyware not so long ago and worldwide.

A private company without a court order has no right to log the user’s activities, worse if this is done by an app that precisely must safeguard the user’s privacy, such as a VPN. It is not only privacy that is in question with the practice of surveillance advertising and data logs, this can even be synonymous with security problems, as already shown by dozens of cases of sensitive data leaked from hundreds of thousands of users, including bank details and physicians from companies that use these practices. It is a difference between a soft or app receiving technical feedback on its operation and a very different one that this app records your activities and histories in order to earn money with it, selling this data to third parties, just as many ‘free’ VPNs do, thus distorting its own operation, which in certain countries can even put the user’s life at risk. I don’t think they will ban you, but inform yourself about this problem first, which apparently you haven’t understood.