
Does F-Droid allow non-open source apps?


No, F-Droid builds almost all apps from source. Even some open source apps don't make it to F-Droid if the F-Droid maintainer doesn't manage to build it themselves on their build server.

Additionally, F-Droid signs every app themselves.

[1] https://f-droid.org/docs/Building_Applications/


This makes them a nice target for malware injection.

edit: When the signing is in a single entity like F-Droid, we have a single point of failure.

When everybody signs their own app, we have trust scalability issues -- "trust" just can't scale to everybody.


The reason F-Droid does this is reproducible builds. Which is a big advantage because the code you see on GitHub is the binary you get in your device. It also means it's quite obvious when code is being added because you can reproduce it.

Of course the build platform being compromised is possible but that can happen even with binary distribution.


I thought they only allow you to build/sign your own apps if it is a reproducible build, and they verify that the version they build is identical to the one you supply.


You can add a repository containing whatever apps you want.



