privateuser On Linux, many developers recommend calculating the hash for a binary and comparing it before actually running the binary.
Really? Before running it each time? I'm not sure that's exactly how validity is checked for most programs on most Linux machines (counterexample).
But "how desktop Linux distributions do things" isn't a great source of guidance for Android, since Android security is much better than the security of many Linux distributions (which rely a lot on ambient authority).
privateuser If I install an app like Signal from the Play Store, I currently have to trust Google that it is giving me the exact copy of Signal submitted by the developer.
Not completely, see "Code transparency for app bundles".
privateuser However, many governments are currently going to tech companies and covertly requesting they install back doors. These companies are then not allowed to disclose this.
The moderators of this forum generally discourage alarming claims that are not backed by cited credible sources.
privateuser If Graphene added a button to run the hash in the app info, it would allow people to very easily verify the authenticity of the installed apps.
The Android app security model is based on signatures, not on file hashes. Each APK contains a signature, and when an update is made to an app the package manager will accept the update if the new APK is signed by the same certificate as the existing APK and if the signature on the new APK is valid.
When the Play store first installs an app, it does whatever checks it wants. Many GrapheneOS users check the validity of APK signature certificates using an app called AppVerifier, and there is a long thread on the forum where people post hashes that aren't built in to AppVerifier: https://discuss.grapheneos.org/d/15368-lets-compare-hashes-for-apps-not-in-appverifiers-database
AppVerifier is available in the Accrescent app store, which in turn is available from the GrapheneOS "App Store" app.