This looks great, though quite new: https://github.com/soupslurpr/AppVerifier

Does anyone know why there aren't more (or any?) open source apps that will verify a PGP signature of an APK file, or SHA256 hash of a APK file on mobile?

This app seems great, but, it seems a bit wasteful to start another public key database from scratch when there are already so many PGP key repositories out there (https://keyserver.ubuntu.com, https://pgp.mit.edu, https://keys.openpgp.org , etc.)