Here's a little thing that may not be obvious to many people....
When you install an open-source app from Google Play or the Apple app store, there is no guarantee that what you install actually matches the public code.
are doing a great service. They independently build the public source code for apps from scratch, review for common issues, and publish their builds. Thanks to "reproducible builds" it's possible to verify they do not tamper with the code.https://f-droid.org/en/docs/Security_Model/