But the "opt-out" will not prevent ecosystem effects caused by the default shutdown of convenient app installs due to the policy. Not even for GrapheneOS users. It's a global policy by a body we never voted for. You can't opt-out of that different world by waiting 24-hours, the ecosystem could have permanent effects. This is coming from a company that doesn't even bother to expose a permission to disable Internet access per app. It's there underneath, but they just ... don't expose the choice.
Is it really going to have ecosystem effects? Surely the small portion of power-users who are bothering to intentionally sideload apps can click a couple of buttons. Or just load via ADB and avoid the entire thing.
The entire point here is to prevent scam actors from using a false sense of urgency to defraud people. That is a serious vulnerability that needs to be addressed somehow, and I think this is a good compromise that doesn't impact people's ability to sideload.
I say this as someone who sideloads apps literally every day.
> The entire point here is to prevent scam actors from using a false sense of urgency to defraud people. That is a serious vulnerability that needs to be addressed somehow
Does it, and if it does, does it need to be addressed by an OS vendor creating a mechanism to ban developers for most users? I'm not convinced of the former, and I'm certain the latter is bad. I predict within ten years, we will see this used against something that is not malware.
What do you mean "ban developers for most users"? Most users get their apps through the play store, which will still exist here. Some users sideload apks, which is also a functionality that will still exist.
> we will see this used against something that is not malware.
See what exactly used against something that is not malware? The Play Store already has requirements other than "don't be malware". If you're talking about the sideloading requirements, all of these requirements apply to every app, not just malware.
Recently, both Apple and Google banned apps for reporting immigration raids in the USA from their respective stores. Android users can still trivially download such apps from other sources. After the verification requirement, nothing changes as long as the developer has a permission slip from Google. If they don't, users have a waiting period that could be a critical delay in an emergency like a crackdown by an oppressive government.
Google has stated that it will only withhold such permission from developers who distribute malware. I imagine they'll stick to that promise at first, but long-term I think they won't. Once it's possible for them to impose partial bans on developers, governments have every incentive to pressure them to do it.