ofc. most of the time you'd be fine, but apks can be compromised by github/gitlab vunerabilities (like the oauth attacks in 2020 & 2022) or anyone with access to the devs git repos, or malicious devs. it's best practice to always verify.