What if the developer installs malware in their new update,
and millions of people download their app? Then they could take the funds of the users?
As it is open source software, it is possible to verify the code behind the platform, and vulnerabilities like malware would be spotted.
Of course, users don't always verify the code or signatures from sources where they download sensitive apps, and could fall victim.
Never trust; Verify.