There was a similar thread where Play Protect blocked installation of Signal. As it turned out, said copy of Signal was indeed fake, as OP downloaded it from F-Droid, where it's not being distributed.
Sad to see so many upvotes for bad information, no. Signal is a special case (it's their choice to disallow any open source client which they did not build) and does not follow the same rules.
KDE Connect is hosted on GitLab, advertises install from F-Droid and is just as real from F-Droid as it is from the Play Store. Play Protect routinely tries to save me from this other harmful app (their words, not mine) called Squawker.
Play Protect trying to incorrectly remove F-Droid apps is nothing new.
Then this is a KDE Connect issue. If they sign with different keys, they should use different app names (in the manifest, the visible name could still be the same).
If two apps have the same identifier but are signed with different certs, Google is right to treat one of them as an impostor.
You literally have no idea how F-Droid works. All apps are built on the F-Droid infrastructure and signed by the F-Droid signing key(s). Build metadata (YAML files, etc.) are uploaded to GitLab, where automation then pulls down the source; the apps are not built or distributed by the code authors. There is no KDE Connect issue.
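The disagreement above turns on whether two builds with the same application ID carry the same signing certificate. As an added example (not part of the thread), this Python code compares the SHA-256 signer digests that `apksigner verify --print-certs` reports for each source of an app; the application IDs, source labels, DNs and digests are constructed placeholders.

```python
import re
from collections import defaultdict

# Digest line as printed by `apksigner verify --print-certs <apk>`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-f]{64})\s*$", re.MULTILINE)

def signer_digests(apksigner_output):
    """Return the set of signer certificate SHA-256 digests in one report."""
    digests = set(DIGEST_RE.findall(apksigner_output))
    if not digests:
        raise ValueError("no signer certificate digest found")
    return digests

def signer_conflicts(reports):
    """reports: iterable of (application_id, source, apksigner_output).

    Returns {application_id: {source: digests}} for every ID whose
    sources do not all share the same signer set.
    """
    by_app = defaultdict(dict)
    for app_id, source, output in reports:
        by_app[app_id][source] = signer_digests(output)
    return {
        app_id: sources
        for app_id, sources in by_app.items()
        if len({frozenset(d) for d in sources.values()}) > 1
    }

def fake_report(dn, digest):
    # Constructed sample in apksigner's output layout, not a real certificate.
    return (f"Signer #1 certificate DN: {dn}\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

UPSTREAM, REPO = "a" * 64, "b" * 64  # constructed digests
SAMPLE = [
    ("org.example.app", "store", fake_report("CN=Upstream Dev", UPSTREAM)),
    ("org.example.app", "repo", fake_report("CN=Repo Builder", REPO)),
    ("org.example.tool", "store", fake_report("CN=Upstream Dev", UPSTREAM)),
    ("org.example.tool", "mirror", fake_report("CN=Upstream Dev", UPSTREAM)),
]

if __name__ == "__main__":
    for app_id, sources in signer_conflicts(SAMPLE).items():
        print(app_id, "is signed by different certificates:")
        for source, digests in sorted(sources.items()):
            print("  ", source, sorted(digests))
```

A mismatch here only shows that the two sources sign with different keys; deciding which signer is expected for a given source still requires a digest published by that source.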