[tremon]

Good point. How do you ensure that the APK for your banking app is authentic on the Play Store?

Maybe we should ask all banks to publish their apps via F-Droid build service so the build hashes on both the Play Store and its mirrors can be checked for third-party modification.

[ptx]

My bank publishes a Play Store link to their app on their website. If I assume that Google would not maliciously hijack their app ID, I can assume that the app is authentic.

Expecting my bank to listen to suggestions about publishing hashes for F-Droid users is not realistic, so assuming that they would never do this, how would I verify the app outside of the Play Store?