In short, Android and Google Play essentially don't care about what's in the actual certificate. Google Play will validate it indeed, and check if it is valid for 30 years or more, but they don't really use (at least currently, AFAIK) the actual info in the cert. You could use your own name/company name in the CN, but no one will validate this, and users won't see this info at all. What Android does is:
- check the signature to make sure the APK hasn't been tampered with
- then compare the signing certificate as a binary blob to the one of the currently installed version of the app to make sure that the two versions have been signed with the same key/certificate (e.g., by the same person/company)
- it does the same thing to enforce permissions if you are using sharedUid or signature permissions with two or more apps.
So, to answer your question, someone can easily create a certificate with your name on it, but Android and Google Play don't really care. As long as they don't have your private key, they won't be able to produce an app signature that is the same as yours and thus they wouldn't be able to overwrite/update your app with theirs, or get any special permissions.
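The blob comparison described in the answer above, modelled as an added example (not part of the original answer and not Android's own code): two self-signed certificates carry the same CN, yet only a byte-for-byte match counts as the same signer. The function names `selfSigned`, `sameSubject` and `sameSigner` and the CN `Example Dev` are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns the DER bytes of a new self-signed certificate for cn,
// valid for 30 years and signed by a freshly generated P-256 key.
func selfSigned(cn string) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(30, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return der
}

// sameSubject is the name-based check that nobody performs: it compares subject DNs only.
func sameSubject(a, b []byte) bool {
	ca, errA := x509.ParseCertificate(a)
	cb, errB := x509.ParseCertificate(b)
	return errA == nil && errB == nil && ca.Subject.String() == cb.Subject.String()
}

// sameSigner models the update check: the certificates must be identical as binary blobs.
func sameSigner(installed, update []byte) bool { return bytes.Equal(installed, update) }

func main() {
	yours := selfSigned("Example Dev")  // constructed: the installed app's certificate
	forged := selfSigned("Example Dev") // constructed: same name, different key
	fmt.Println("same subject:", sameSubject(yours, forged))
	fmt.Println("same signer: ", sameSigner(yours, forged))
}
```

The second certificate embeds a different public key, so its DER encoding differs even though every human-readable field matches.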