Responses from Google

"Thank you for the report. The raised issue is out of scope of Android VRP program and is not considered as a security issues as it's a developers responsibility to guarantee security supply chain for their apps. We are sending your report as a feature request to Android Studio to invest in facilities allowing developers to detect and resolve conflicts."

"Thank you for your continued engagement and clarification. We will pass this information along to the Android Studio team as a feature request."