> Could you make the claim that F-Droid is actually safer that "Google Play Store"

That is essentially the assertion that we made in the prequel to this post (at https://f-droid.org/en/2025/09/29/google-developer-registrat...).

> But how much malware has been distributed via F-Droid versus "Google Play Store"

There's been only a single case of malware that we know of that has slipped into distribution on F-Droid (through a supply-chain attack on a transitive dependency), and it was caught within a day. So if we were feeling glib, we might have made the claim that "there is over 224 times as much malware on the Play Store than on F-Droid".

To me, the question is not even relevant. Whatever the quality of f-droid,each use should be free to decide if they want to use it or not without Google having a life or death choice on the app that you want to use.

Google themselves have mentioned that about half of all malware is installed through their Play Store.

Why would one make this claim

Because Google is suggesting that "malware" is a motivation/reason/justification for their new "sideloading" policy

It can be useful to show that Google's alleged justification is bogus

Yes, software on F-droid is free and reviewed for anti-features before publishing. Google Play has the worst, ad ridden, dark pattern filled, data guzzling, subscription packed, commercial slop with no real oversight on what gets published. Malware frequently gets on the Play Store, never heard of it being a problem on F-Droid.

The freedom of installing whatever you want indeed brings more opportunity to come across malware, but as long as you lose the freedom, it's up to Google to decide which apps are "safe", which are not. Google will be the only, sole source of apps, they control everything.

It's not about immediate safety, it's about safety in the long run.

I don't even understand how this is an interesting or relevant point. "Can I install what I want on my service how and when I want" is the end of the conversation.