Since Bitmart is a centralized exchange that you are eventually going to 'trust' with your funds when you deposit, you might as well trust their server to download the legitimate app. Even if you were downloading from Playstore, you still wouldn't be 100% sure you are downloading the right application, except in this case you'd be updating an application that you've already installed previously and have been using. If a service isn't open source, you simply have to trust it without verifying yourself.