If you don’t trust fdroid - in the sense that it could be hacked -, you can always download the apks from GitHub (they have those as well, not just the code) and verify the checksum before installing. Unless you think the developer’s GitHub account can be hacked as well. There’s no much escape really.
2 Likes