Android has a reputation for being unsafe precisely because of sideloading (as well as low Google Play fees, looser app review, accessibility services and remote access).
This policy is bad for us HNers, but objectively good for the 95+% of people who will never sideload a legitimate Android app, but are extremely likely to get caught by scammers.
The heavy US skew of HN really distorts the arguments here, as Android-based scams aren't as common in America due to the prevalence of iOS in that region.
The Play Store was riddled with scam apps last time I used it. Be it fake apps that pretend to do something while doing at best nothing ("system optimizers", "antivirus" apps) over user data mining apps (often targeted at children or young people) to hundreds of clones of commercial or open source apps - you do not have to search very long to find the real scams.
Making sideloading harder has only one goal - growing the wall around the garden a bit higher, piece by piece, layer by layer, while everything within slowly grows more toxic.
Which is why I said sideloading is only a part of the problem; I explicitly pointed out insufficient Play Store verification and insufficient app sandboxing in my original comment.
If they actually cared about scams on Android, when I explicitly searched for <App I'm going to pay for anyway> in the Play Store, they wouldn't put <Some other random app that pays money to appear above the app I searched for> at the top instead lol
If there's a reputation, that means it's reasonably widespread. 5% doesn't seem like much.
Does this mean there are so many advanced users sideloading apps to compromise them?
Except users aren't so advanced that they are getting scammed because of side loading?
Or might it be the cascading delays in security updates that don't seem to reach devices between Google, manufacturers, and telcos? This is a much more massive (the 95%) security hole and backdoor for scams to enter.
These arguments don't really seem to fit together or make sense.
Happy to get some links to read more about all of the statements.
There isn't a snowball's chance in hell that Google is doing this to protect users from scams. It is purely driven by their desire to control the platform and eliminate things like ad-blocking youtube apps. You're far too credulous of evil corporations' stated motives.
Scams are the justification, F-Droid hasn't had any scam apps throughout its existence, and it's not clear every functionality it currently has will be preserved with this change like auto-updating apps and easy installation of the store itself.
Google could let users add their own signing keys (like browsers allow), and it might be they will let students or power users do this, or they could do what F-Droid does in packaging FOSS apps without developers having to provide extra PII information. If they do neither of these things, it de facto means they're only after control at the expense of normal users.
To resolve the problem, scammers would deceive the victims into downloading a malicious app, in an Android Package Kit (APK) file format, sent through WhatsApp.
On the topic of looser app reviews on the Play store vs the App store. I can give you a long list of fake iOS apps where you enter a 4 digit code to watch free movies. People who think Apple is manually reviewing apps are delusional.