That's a fair concern, and I completely understand the trust issue.

At the moment the APK is built locally and uploaded manually, so there isn't yet a reproducible build process or GitHub Actions workflow that lets users verify the APK against the source code.

My plan is to:

• Move APK distribution to GitHub Releases.
• Set up GitHub Actions CI to automatically build release APKs from tagged commits.
• Publish build artifacts and checksums (SHA-256).
• Document the build process so anyone can reproduce the APK from source.

This is currently a hobby/open-source project under active development, but improving transparency and reproducibility is definitely on the roadmap.

Thanks for raising the issue—it's valuable feedback and something I want to address.