My bank publishes a Play Store link to their app on their website. If I assume that Google would not maliciously hijack their app ID, I can assume that the app is authentic.
Expecting my bank to listen to suggestions about publishing hashes for F-Droid users is not realistic, so assuming that they would never do this, how would I verify the app outside of the Play Store?
Expecting my bank to listen to suggestions about publishing hashes for F-Droid users is not realistic, so assuming that they would never do this, how would I verify the app outside of the Play Store?