I was thinking about downloading KeyMapper before seeing that it is really asking for large number of permissions, And in the same time i was downloading DangerZone with the size of 797MB which make it harder for me to scan it specially using Virustotal.
My question is how to trust those projects without being able to be fully sure they are not malware or privacy nightmare?
You can check their code out. Their terms and reasons behind those permission.
However, there really is no way to trust anyone in true form. We all go by the face value here most of the times.
Any App with the functionality of KeyMapper will need quite a few permissions that are very rarely needed for “ordinary” apps because the key events can be remapped to actions like picking up a phone call.
Danger zone isn’t available in F-Droid and Android at all?