The way you give your non-technical friends an APK and they just install it is by you signing it.
I should not have to enter into a business relationship with Google just to hand my non-technical friend an APK any more than I have to enter into a business relationship with the Linux Foundation to hand my friend an AppImage.
And then having Google approve it, so hopefully your app does not do anything that Google does not like, such as block ads.
But I want to let someone MITM my non-technical friend and replace my APK with malware.