F-Droid and the Aurora Store also offer open-source apps, but have known weaknesses when it comes to updates and signatures. Only use them if you are familiar with the risks (apps could be malicious). Manufacturer websites can also be trustworthy.
In this case, however, check whether the app is signed and up-to-date. Apps from the Google Play Store may be safer, but you will be tracked by Google and need PlayServices and a Google account. Projects such as Accrescent or GrapheneOS App Store are preferable, but only offer a few apps so far.
Tip: Only install apps that you really need. Every app is a potential risk.