The code can be shared while the internal development is kept private. Testing, iterations, etc. do not need to be shared. It is a scale, but the open process is always preferred.
Until there are reproducible builds, the APKs cannot be checked anyway.
The Google Play versions cannot ever be reproducible due to the signature being part of the APK (correct me if I am wrong).
Reviewing the code and building for myself would be better, but until then I at least use Obtainium to grab the binaries from GitHub.