other8026 Ahh damm i thought i had done adequate research when i read here which i thought only applied to google developed system apps (internal tooling)
Thanks for pointing that out, thats certainly more reassuring than the developer having no ability to verify code, fingers crossed they havent got some way to embed executable code in images haha.
Hopefully they make that mandatory as leaving it at the developers discretion seems weak.
Im not sure if your powers allow you to delete the post or not but I feel like its proberly the most responsible thing to do, sorry for inadvertantly creating fud.
Chipper publishes it then of course scans and monitors the app before and during use
I was referring to 'Google Play Protect' , 'Play Integrity API', and Googles AI powered threat detection system, which if google was the bad actor would be irrelevant.