by Latteland 2796 days ago
That's a good start, but what would have prevented the owner of "dujangoo" from signing their package? Nothing.

The key would appear untrusted, though. Which, admittedly, is not much of a defense: most developers would just assume it’s a new key and trust it blindly. Still, it would be an additional data point, and possibly another chance to spot the typo (if the UI repeats it).
That's why you check the signature to make sure it's the right one. It's almost always listed on the developer's web site, plus you can often google the signature to see if it's one other people are using as well.