Android enforces the Trust on First Use model. You only need to get it right the first time. If you download the APK from the developer and it was good you're set. If you download from third-party repos you're trusting them for first install AND all upgrades
Discussion
Just to clarify that izzyondroid uses apks publicly provided on each repo's github releases page. So those are signed with the original developer's keys.
In this case, it's literally just curation.