F-Droid is not a safer app repository:

https://privsec.dev/posts/android/f-droid-security-issues/

And most Android banking malware is distributed through unsafe sideload installs (as opposed to much safer Gatekeeper-style installs, which is what is coming) and are fed to victims through complex attacks involving obtaining a victim's personal information and calling them while credibly pretending to be a local authority or a bank representative. You can read about this wherever you get news about cyber crime.

This is a scourge in South East Asia and Google can do some good here. The only cost is whining from non-technical people. Everyone else will go pay $25 or whatever and sign their app.