
carlosvega t1_j9y2aau wrote

Yeah, that I know, but I was wondering if they publish the md5 of the apk or compiled app so that you can test later on or something. Or if it’s possible to check the md5 of the downloaded apps from the store. I am not sure why I am downvoted, I think it is a legitimate question.

Some bad guys could fork the app, add some changes and publish it in third party stores.

https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/open-source-apps-google-play

Something similar to this: https://www.infosecurity-magazine.com/news/malicious-python-libraries-found/

And I am not the first one asking this question:

https://opensource.stackexchange.com/questions/11098/what-guarantees-that-the-published-app-matches-the-published-open-source-code

Edit: a colleague just shared this with me! https://signal.org/blog/reproducible-android/

3
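An added example, not from the comment or any of the linked posts, of the check the question is about: a whole-file hash of the store APK will not equal the hash of a locally built one because the store copy carries different signing material, so the usual reproducible-build check (as in the Signal post linked above) compares the archive entry by entry while skipping the signature files. The APK contents below are constructed in memory, and the assumption that all signature files live under `META-INF/` is just that.

```python
import hashlib
import io
import zipfile

# Signature files differ between a store-signed APK and a local build even
# when the code is identical, so they are excluded from the comparison.
# Assumption: all such files live under META-INF/; adjust if a build emits others.
SIGNATURE_PREFIXES = ("META-INF/",)

def sha256_file(data: bytes) -> str:
    """Digest of the whole APK, for comparison against a published hash."""
    return hashlib.sha256(data).hexdigest()

def entry_digests(apk_bytes: bytes) -> dict:
    """Map every non-signature zip entry to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith(SIGNATURE_PREFIXES):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests

def compare_apks(store_apk: bytes, local_apk: bytes) -> list:
    """Return (entry, reason) pairs for every difference; an empty list means a match."""
    store, local = entry_digests(store_apk), entry_digests(local_apk)
    problems = []
    for name in sorted(set(store) | set(local)):
        if name not in store:
            problems.append((name, "only in local build"))
        elif name not in local:
            problems.append((name, "only in store APK"))
        elif store[name] != local[name]:
            problems.append((name, "content differs"))
    return problems

def make_apk(entries: dict) -> bytes:
    """Build a minimal zip in memory standing in for an APK (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: identical code with different signatures, and one
# with a modified classes.dex standing in for a tampered third-party-store copy.
COMMON = {"classes.dex": b"dex\n035\x00constructed", "res/layout/main.xml": b"<x/>"}
STORE_APK = make_apk({**COMMON, "META-INF/CERT.RSA": b"store-signature"})
LOCAL_APK = make_apk({**COMMON, "META-INF/CERT.RSA": b"dev-signature"})
TAMPERED_APK = make_apk({**COMMON, "classes.dex": b"dex\n035\x00modified"})
```

`sha256_file` of the store and local archives differs while `compare_apks` reports nothing, which is why a published whole-file hash alone cannot confirm that a store copy matches the source; the tampered copy shows up as a single differing entry.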