"From there ... really anything goes as to what that developer could have done with those credentials intentionally or otherwise."
They paid them to make the app though, they could put literally anything in there and even with them sending them builds that they uploaded themselves it would have been just as easy to be nefarious so this justification is thin at best.
Are there shared accounts in the google app scene or is giving your credentials to the developer the only way to give them access?
You can share account access with other accounts. There is a Users & Permissions panel in the Google Play Console you can use to invite new members. There's no need to share your password with other people.
> They paid them to make the app though, they could put literally anything in there...
Unless Google found something concrete, this speculation doesn't matter at all, shared account or not. A lot of software/websites/services are developed and managed on behalf of other businesses/people, with those people just trusting the developers/admins with no way to verify anything really.
They paid them to make the app though, they could put literally anything in there and even with them sending them builds that they uploaded themselves it would have been just as easy to be nefarious so this justification is thin at best.
Are there shared accounts in the google app scene or is giving your credentials to the developer the only way to give them access?