People are concerned about Google editing code, which would be detectable through the signed code section or just basic decompilation and would be a nightmare for PR. But people are apparently not concerned with
1. Nothing has ever prevented tampering with the signature before first install.
2. Google owns and writes the OS.
3. Libraries like WebView are both security critical and updated via ordinary app updates, and are provided by Google.
4. The dex bytecode isn't actually run on modern devices. Instead it is compiled into an executable by code owned by... Google.
5. The large majority of developers are using compilers and other tooling provided by Google.
This is why the concern over this change is ludicrous. When you installed Signal or whatever for the first time did you check the signature? Did it bother you that it was technically possible for Play to substitute code? No. Because you are using an Android phone and trusting the OS developer is a requirement for everything.
And there isn't a "total lack of chances to stop tampering", since the code section can still be signed with a different key.
So why is everybody suddenly claiming a conspiracy here?
The main threat model is that google is influenced into editing a specific app or few for certain users or locations, not that the company is going to turn the entire OS into a backdoor. So most of your bullet points aren't very relevant. This threat model isn't a "conspiracy" either.
