Supply chain compromise

App squatting and fake apps fall under MITRE ATT&CK Mobile Technique ID T1474 (Supply Chain Compromise), described as follows:

Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain.

  • Detection involves application vetting of API calls, network communication, permissions requests, and protected configuration.

Static analysis notes

Static analysis can be done with various tools that decompile or disassemble the APK, such as jadx, radare2, rizin, and jeb.

Tools such as droidlysis, which automates offline static analysis, can also be used. A high-level description of the process can be found here, and it is applied to Android malware analysis (with Pithus and jadx) as an example.
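As an added example (not code from the page or from any of the tools named above), the following Python script shows the vetting step described under detection: it correlates sensitive API calls found in jadx-style decompiled sources with the permissions declared in the decoded AndroidManifest.xml. The API-to-permission mapping, the file layout and the sample app contents are all constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Calls worth a second look when vetting, each mapped to the permission
# that normally accompanies it (assumed mapping, not an exhaustive list).
SENSITIVE_APIS = {
    "sendTextMessage": "android.permission.SEND_SMS",
    "getDeviceId": "android.permission.READ_PHONE_STATE",
    "DexClassLoader": None,             # dynamic code loading
    "Runtime.getRuntime().exec": None,  # shell command execution
}

def manifest_permissions(manifest_xml):
    """Permissions declared in a jadx-decoded (plain XML) manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def triage(manifest_xml, sources):
    """sources: {relative_path: java_text}. Returns one dict per API hit,
    noting whether the matching permission is declared in the manifest."""
    perms = manifest_permissions(manifest_xml)
    findings = []
    for path, text in sources.items():
        for api, perm in SENSITIVE_APIS.items():
            if re.search(re.escape(api) + r"\s*\(", text):
                findings.append({"file": path, "api": api, "permission": perm,
                                 "declared": perm is None or perm in perms})
    return findings

# Constructed sample input shaped like jadx output (not a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeapp">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

SAMPLE_SOURCES = {
    "sources/com/example/fakeapp/Loader.java":
        "DexClassLoader l = new DexClassLoader(p, d, null, cl);\n"
        "String id = tm.getDeviceId();\n",
    "sources/com/example/fakeapp/Pay.java":
        "SmsManager.getDefault().sendTextMessage(n, null, m, null, null);\n",
}
```

A hit whose permission is missing from the manifest (here getDeviceId) will fail at runtime, while a declared one such as sendTextMessage is a live capability worth reviewing against the app's stated purpose.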