Not standard LineageOS, but LOS forks that provide microG in place of Google Apps have to support "signature spoofing" so that MicroG can impersonate the missing proprietary Google apps.
More details here: https://blogs.fsfe.org/larma/2016/microg-signature-spoofing-...
> I’d also like to point out a myths I heard regarding signature spoofing. Some people assume, that signature spoofing allows to break the Android signature security model and thus rogue applications can access private app storage. But in fact signature spoofing is only applied after installation if the permission was granted, it has no influence on the package manager security model.
