I keep getting emails from people and companies wanting to release my android app on various alternative markets, and often they want me to send them (or upload on their website) my apk.
My questions are: What are the risks involved with this, how much can someone reverse engineer my app from the apk? How many other developers release their app on places that aren't the android market? Is it a fairly common practice?
It's pretty easy to pull in the apk of downloaded apps from the android market. I mean if someone really wants to get the .apk, it's as easy as downloading it from the market, and then using adb to pull.
By putting your app in alternative markets, you are getting the people who can't use android market the chance to try your application.
As racetrack mentioned, there are other ways of getting your .apk if they want it, but the long and short of it is that your app is largely exposed once it's in someone else's hands. A decompiler will lay the whole thing bare for reverse engineering. This is part of why Google strongly recommends using an obfuscator like ProGuard. While this still leaves all the logic there and intact, it makes it much more difficult for a person to read and understand as it will replace all your function and variable names with meaningless strings of characters.
Personally, I've stuck with the Market for distribution. My main focus is making people within my target market aware of the existence of my app rather than needing to reach a wider demographic, so reaching countries that the Market doesn't support paid purchases in yet is of minimal concern to me.