In order to get a subverted APK onto your phone, that APK has to be created, a set of devices that includes you must be defined, the APK must be delivered to them, and those phones must accept the APK as genuine. Right? If the software that now runs on those phones reject the APK as being signed by the wrong developer, or something else, then the game is up. But let's assume that the developer has some way to install software despite the signature-checking that your device runs.
If the attacker can identify your devices 100% precisely, just one device, then the rest doesn't really matter. But if the attacker has incomplete information or a coarse attack vector, then others must be attacked along with you. For example, if the attack works by putting a subverted APK on one or more CDN nodes, then everyone else in your geographic area gets the APK along with you.
If there's one person who gets the subverted APK and checks it against the original, the attacker's attack is public. If there's one person who automatically uploads all new installed APKs to apkmirror.com, then the attacker's attack is public. See?
There is (AFAICT) no single list of people who would discover the attack, and who therefore must be avoided by the attacker.
Now, if the attacker is willing to have the attack revealed a day after it happens, this may be acceptable. But otherwise, the attacker has to find a way to target you and avoid any false positives who might do that checking.
Right, this may or may not be relevant to your threat model, but isn't really helpful information for someone looking to build the software reproducibly. Would you mind sharing sharing how you did it?
Oh, building it reproducibly? That's the default. You just run a new-enough version of gradle; build.gradle is set up already. There's a tool called apkdiff to compare everything except the signatures.
