If its not on F-Droid, its likely not open source and is very hard to verify whether shenanigans are happening or not.
What is actually important is to check if your Android filesystems is actually encrypted on the phone. That alone should reasonably be able to protect you from these kinds of problems. And if your phone is not encrypted, I would flat out suggest that you transfer all your personal data then proceed to destroy that phone is a fire and get a new one with encryption.
This is a Lineage OS, an Android fork. It shows if your phone is encrypted or not (image taken from xda-developers article).
Remember, you will likely have these kinds of trust issues if you cannot verify the apps on your phone. Go open source, less likely chance of shenanigans on your phone.
Ideally, the less apps you have, the better you’ll be.