This is suitable for a hobby project, but in practice this will become unsustainable for even a small number of third-party apps. Details like the manifest can easily change between updates, so unless you're auditing every APK every update, malicious code could easily be added.
If you're concerned about malware scanning, you should not download anything from F-Droid or Obtanium, and stick to Accrescent and the official Play Store.
Android already assumes that app developers are to be untrusted and minimizes app privileges. Ultimately, the sensitivity of the app depends what you're doing on it and the permissions you give. No amount of malware scanning will prevent a compromised password manager or keyboard from exporting your secrets within parameters legal to the system, for instance.