The thing is that people sideloading good non-malware apps because they want to is also a thing, and all kinds of icky apps that abuse permissions but are still verified and installed through the Play Store are also a thing. This doesn't really change what is a thing. It just moves more stuff under Google's control.

security is the "Save the Children" of technology. It's not that there isn't a theoretical thing there, it's that in the real material sense, the actual actions taken are power grabs for control and suppression.

> Attackers convincing users to side-load malware is a thing.

Sure. It’s also not Google’s problem.

It’s not Victorinox’s problem of someone uses a Swiss Army knife to cut someone else. It’s not Toyota’s problem if someone deliberately runs over a pedestrian.

Car companies do care if their cars are easy to break into and will improve the security of newer models, even if any particular theft is not their fault.

If they don't do that then their reputation will suffer and governments might take notice. So, in practice, big companies do have to care about their users, not individually but in aggregate.

That's a bad analogy. No one is complaining about Google providing Android security updates.

This is like a car manufacturer preventing the installation of all unapproved aftermarket accessories by claiming they're protecting you from a stalker installing a tracker on your car.

I don’t actually think it’s that bad. If all of a sudden we started hearing an awful lot about Android phones having viruses, to the point where almost everyone had a friend who got a virus on their android. I think the market would actually shift. We’d probably see more people moving to iPhones.

> Car companies do care if their cars are easy to break into and will improve the security of newer models, even if any particular theft is not their fault.

Didn't Kia go over a decade without caring or improving until the Kia Boys stuff?

Yep, it took a while but it eventually caught up with them.

They made it up in the sense that it's completely unnecessary - most malware is on the Play Store.

What is the source for this extraordinary claim? Also, malware hosted in the play store has the property of being tied to an identity which can be banned.

I don't need a source, it's common fucking sense.

1. Most users do not use fdroid or APKs to download software. They download software from the play store.

2. Therefore almost all malware will target the play store.

3. Therefore most malware actively used comes from the play store.

4. Compounded, the play store does almost nothing to prevent malware and actively encourages certain types of malware like spyware and adware.

5. Compounded, Google gets a cut from each piece of malware sold on the play store or advertised on the play store, therefore they have no incentive to prevent malware in any significant way.

> 3. Therefore most malware actively used comes from the play store.

This isn't necessarily true even if you're right on all the other points. Even if most malware is on the Play Store, it can still be true that, out of the Android users that DO get malware (or rather, those that actually report malware to Google), most of them got it from outside the Play Store.

It can be true that a minority of users get any malware at all because Play Store is safe, but most users in that minority get malware because they are open to using apps from outside Play Store.

If Google is making this change in service of safety, they would protect a large chunk of that minority, by verifying apps downloaded outside Play Store. If it's necessary for Google to help these users, this change is not "completely unnecessary".