Scenario:
adb pull /data/app/com.example.myapp.apk on my appsCan I:
I can only answer number 3:
Reading: https://android.stackexchange.com/a/28138
It seems no user data will be in the APK, I don't know about the play store data though.
Can I: Via my app identify it was not legitimately purchased/downloaded?
It depends how your app can be purchased. But even then that will be pretty hard to do that, especially this will be prone to spoofing on rooted devices, so if your app is a standalone product and does not require any account on your servers to be used, then it may be really painful and at some point not worth the efforts maybe.
Download my apps from said website and verify the same person downloaded them?
No.
Find any identifying information/user data inside the apk?
No. There's none.
Via my app identify it was not legitimately purchased/downloaded?
Aside from the security key which guarantees that the contents of the apk are not tampered with, the apk on it's own does not identify where it came from. If you need extra security measures against pirating, you have to look for other solutions, e.g. account checking, web-based identification, etc
Download my apps from said website and verify the same person downloaded them?
If you mean that whether Google Play will identify you as the person that originally purchased the app, the answer is no. If the app is paid Google Play will realize that you have not paid for it. If the app is not paid then Google Play will simply add that to the library of apps that you have and/or installed
Find any identifying information/user data inside the apk?
There is no user data in the apk since the apk is the same file for any device that installs it. However, some apps might store data locally which means that through adb pull an untrusted party might be able to pull your user data from your phone. Most apps don't store anything locally because of this.
