I don't understand how you can have mixed feelings about this.
> However, when it comes to publishing apps to the store,
This isn't about publishing apps to the Play Store. If that's all this was about, we wouldn't give a shit. The problem is that this applies to all stores, including third party stores like F-Droid, and any app that is installed independently of a store (as an apk file).
> Given the growing threat of such attacks, we need to find ways to mitigate them.
How about the growing threat of right-wing authoritarian control? How do we mitigate that when the only "free" platform is deciding the only way anybody can install any app on their phone is if that app's developer is officially and explicitly allowed by Google?
Hell, how long until those anti-porn groups turn their gaze from video games and Steam onto apps, then pressure MasterCard/Visa and in turn Google to revoke privileges from developers who make any app/game that's too "obscene" (according to completely arbitrary standards)?
There's such a massive tail of consequences that will follow and people are just "well, it's fine if it's about security". No. It's not. This is about arbitrary groups with whatever arbitrary bullshit ideology they might have being able to determine what apps are allowed to be made and installed on your phone. It's not fucking okay.
My elderly father unknowingly installed an application on Android after seeing a deceptive ad. An advertising message disguised as an operating system pop-up convinced him that his Android phone's storage was almost full. When he tapped the pop-up, and followed instructions he installed a fake cleaner app from the Play Store. While the app caused no actual harm, it displayed notifications every other day urging him to clean his phone using the same app. When he opened it, the app — which did nothing except display a fake graph simulating almost full storage — pressured him to purchase the PRO version to perform a deeper cleanup.
In reality, the phone had 24 GB of free space out of 64 GB total. I simply uninstalled the fake cleaner and the annoying notifications disappeared.
How such an app could reach the Play Store is beyond me. I can only imagine how many people that app must have deceived and how much money its creators likely made. I'm fairly certain the advertisement targets older people specifically—those most likely to be tricked.
For better or worse, I'm pretty sure that such an app would never land into the Apple App Store.
So you're saying Google is doing fuck all to protect customers on their already locked down store, right? This doesn't sound like it will be addressed by Google extending developer registration outside of their store at all if they can't even address obvious scam apps that they're already promoting. And to your point, yes, Apple probably does do a better job of maintaining their app store, that way they can prevent some of the push back on iOS being so locked down. An iPhone sounds like the right device for your father.
from the Play Store
This is not about the Play Store. This is about the whole Android platform. It's about running what you want on your own machine.