I think that line has been blurry (blurred?) for a long time. Is it ill-intentioned when Apple slows down charging with non-authenticated cables because "they might be shitty and high currents can cause a fire"? If companies can hide behind good intentions, they will. And I'm not even sure such intentions originate from human beings, anymore. Not from individuals, at any rate.
I can't really comment on that, but what I know is that the Play Store also has KDE Connect available and this issue is not happening for the people who got it from there. Perhaps it's someone who has some sort of Play signing enabled with uploading unknown apps and the signature difference between Play and F-Droid versions might have created a false positive.
That's my bet as well; the signature difference probably makes it look like one of the many fake APKs people often download from piracy sites and malware-infested file sharing sites.
Unfortunately, Google doesn't let you upload an APK with your own signature to Google Play anymore, so the devs can't really offer any solution. Best I can come up with is downloading the signed version from Google Play and uploading that, but that'd make updating the app without uninstalling impossible for most of their users. Same with offering the free version as a different package name as the proprietary version, existing users would lose updates.
Google needs to fix this because they're basically killing every alternative app store this way, which probably violates the DMA/DSA law (whichever applies here) in quite a major way.