The F-Droid repository has only apps built by F-Droid itself using the published source code, while a private repo could have a binary that doesn’t match the source.
There might be a financial incentive for someone to hack the dev, steal their signing keys, silently add a timebomb that at a specific time would send the whole content of the wallet to a specific Monero address, and replace the APK after a new release is added. Nobody would notice until too late.
Difficult hack, but not impossible.