MicroG reverse engineered,
and re-written as much as possible from GApps libraries, from the ground up, as open source software.
These re-implementations are as light weight and privacy respecting as possible on your local device,
however the same does not count for the Google servers it communicates with (if you choose to enable them).
For SafetyNet attestation, a proprietary, isolated, DroidGuard blob is downloaded (if you choose to enable it).
You’re both kinda right afaik.
MicroG reverse engineered, and re-written as much as possible from GApps libraries, from the ground up, as open source software.
These re-implementations are as light weight and privacy respecting as possible on your local device,
however the same does not count for the Google servers it communicates with (if you choose to enable them).
For SafetyNet attestation, a proprietary, isolated, DroidGuard blob is downloaded (if you choose to enable it).