> 2. Having an approved channel for verified app loading is a valuable security tool and greatly reduces the number of malicious apps installed on users devices
I would instead say that having a trustworthy channel for verified app loading is a valuable security tool. F-Droid is such a channel; the Google Play Store is not. So Google is trying to take this valuable security tool away from users.
Sure, but you'd probably also agree it should be up to the device owner (end user) which parties are to be considered 'trusted'
Yes, I think the end user is in a better position than Google to decide who to trust. Some end users will make bad decisions, but Google's interests are systematically misaligned with theirs.
Not really. Google has maybe the best security researchers in the world, most end users have no idea, Hacker News is not representative of the general population.
I am not saying it justifies locking down devices, but that's the kind of situation where I think a bit of friction is a good thing. For example having to connect your phone to a computer and run some command line tool (like for unlocking a bootloader). You still have your freedom, but it is also something you are less likely to do by accident. In the sideloading situation, it looks like you could make yourself a developer account and repack apps under your own identity, which is one of these high friction workarounds.
For F-Droid specifically, maybe they should negotiate with Google before going to the offensive. Maybe they did and it didn't work, but I think a good compromise would be to let F-Droid has a key to sign the apps they compile, making F-Droid accountable for the apps they distribute.
And by the way, Firefox is in a similar situation for extensions. Over the years, they made it really hard to install anything from outside the official Mozilla repository, citing security concerns. It is not just Google.
Yes, Google has much greater competency. But when their interests run counter to their users' interests, as in the particular case we're talking about where they are nuking F-Droid from orbit, thus depriving users of access to NewPipe and other apps that don't try to rip users off, that higher competency is a disadvantage, not an advantage.
Neither incentive alignment nor competency is sufficient without the other.
Even if you allow package distribution whitelists, and even if we allow Google, by virtue of essentially owning/steering Android to, by default, be on the whitelist in their distributions...
At some point you need to just let the user say "I'm OK with being accountable for the installation" and get out of the way.
"Trustworthy" requires a qualifier of "for what" and I do trust Google to not intentionally install malware on my device and to take reasonable steps to prevent other people from doing it. I will admit that I don't know the details of how the app stores work, but they are at least checking the hashes of the binaries right? The probability of trying to install Instagram from Meta, but actually installing Instapwned from some malicious third party is zero when you go through the app store, right?
I assume that's correct, for your very narrow definition of malware and a nonzero definition of zero, and it's a good point that trustworthiness is context-dependent. As Alan Karp used to say, "I trust my relatives with my kids but not my money. I trust my bank with my money but not my kids."
Yes, but app stores like F-Droid, if you trust them, provide an even stronger security statement: they guarantee that you can check out the full source code of the app you are running.
This is what has made Linux distributions the go to for secure OS to run on your server: even if malware or bug leaks in, you have a full security trail about when and how that happened right in the open.
Wrong, plenty crap make it into the store, that is true for both Android and iOS. And the advertisement in the Android store is designed specifically to try to trick you into installing a different but similar app to the one you wanted.
I'm unclear on why F-Droid is any safer than the playstore and not possibly worse since using it tells potential malware purveyors that you're into sideloading in the first place.
Because F-Droid inspects the source code of the applications they build, removes malware and other antifeatures from them, and compiles them from source to ensure that the binaries they deliver correspond to the source code they've inspected. The Google Play Store doesn't do any of those things. Consequently it's full of malware.
F-Droid provides curated applications vetted by parties that *the user* chooses to trust.
By default, F-Droid provides only the applications that they themselves have verified and built from source. They also allow the user to add other sources from other parties who the user trusts (e.g. GuardianProject, IzzyOnDroid, and others[0]).
Google provides any application uploaded by any anonymous third-party who signs up as a developer (and in future, provides the required ID).
[0] https://forum.f-droid.org/t/known-repositories/721
Not to be an asshole, but you must not be very familiar with F-Droid.
It’s not just a random hodgepodge of “third party” binaries. It’s all FOSS software that was actually built from source and verified.
Probably much safer than a random app on the Play Store.
If I had to install a random app from the play store or from F-droid, I would pick F-droid every time. The level of vetting they apply is miles ahead of Google.