Interesting article and topic, I have learn some new things, thanks. It links to an other article: https://www.theregister.com/2022/12/02/mozilla_microsoft_trustcor/ According to this article Trustcor was a bad actor which allowed malwares in Play store, such as within weather apps, QR code scanner apps, etc. So quite interesting and reinforces my idea that by installing apps available on F-Droid only, by refusing to install apps on Play Store, I am at least away of most of these malware.

That being said it doesn't look like the worst thing happening since custom Android based OSes like GrapheneOS are still an alternative way to go.