izzyondroid?
Yet another middleman
Discussion
Android enforces the Trust on First Use model. You only need to get it right the first time. If you download the APK from the developer and it was good you're set. If you download from third-party repos you're trusting them for first install AND all upgrades
Just to clarify that izzyondroid uses apks publicly provided on each repo's github releases page. So those are signed with the original developer's keys.
In this case, it's literally just curation.
Every curated list is a middleman.
The alternative is expecting average users to trust or audir possibly 100 different devs from each different used app, any of who can publish a malicious update.
Every solution has tradeoffs, there isn't a 1 size fits all.