See that would be my main concern is someone uploading an app that says one thing and does another. MITM wouldn’t be the first thing I would worry about because it would be much easier to write some code maliciously than it would be to MITM. If a bad actor were to write an app and hide a few lines of code in there (which wouldn’t be hard) and so to me at least it’s really important how these apps are verified. Small unknown app store is a nice place to target and I’m sure people have tried, if they already have malicious app coded and tried to upload it to other repos, there’s no harm in trying again at smaller ones. Obviously they want to cast a wide net but and getting it into the play store would be ideal and personally I’ve never even heard of this app store before and I am sure that’s true for a lot of other people but after seeing how the spending is drastically increasing makes it more skeptical now than ever.