When I see an app has over 100 million installs, half a million 5 star reviews, and a support email address ending in @amazon.com it seems pretty sure to be the real deal.
After some more checking, when I had a bit of time, I installed it.
Those are also things I look for.
Still seems to be in line with my basic point: On Google Play, it's up to the user to assess the item's legitimacy. At least, so far, Google continues to provide these data points to the user; as long as the Play Store itself isn't compromised.
Keep in mind, some of the items recently in question in the news are reported to have had a million plus installs. Separately, fairly recent news stories have described ways in which third parties have managed to glom onto prominent domains -- particularly those providing extensive user services -- to gain the addressing of that major domain for their own functionality.
