The opensource apps like Newpipe, SmartTube, termux and many others are the “malware”, not the ones with binary blobs on PlayStore that fork VLC, Newpipe and many opensource apps illegally, supposedly “verified” but don’t follow opensource license like GPL, creating fake clones with ads and (real) malware.

https://itwire.com/business-it-news/open-source/81652-google-ignores-licence-violating-clones-of-vlc.html

Right, only install “verified” from Google Play, but that is where malware is, other 3rd party app stores like F-Droid, that really verify apps are at risk of getting killed by Google