Thanks for making your app freely available under a FOSS license! Could you please also sign the APK using a release key? Currently, it's signed by a debug key:
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Number of signers: 1
Signer #1 certificate DN: C=US, O=Android, CN=Android Debug
Signer #1 certificate SHA-256 digest: 5dfea829074fb64305632a2dda83d7a02b36d38188a98004ad50170c70b958a5
Signer #1 certificate SHA-1 digest: 74dab7fe382b042589a0112fc049b5f517051d9a
Signer #1 certificate MD5 digest: c4d2e09202983457a1e9fba771f1aeb1
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 2048
For technical background, see e.g.
SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.