Yes, it's terrible and something even Windows handles better. It's one of those utterly bizarre Apple things which make me wonder which old product guy has dirt on everyone else at the company.
History is full of such incidents. Hasn't the US been using EU air space to conduct strikes in other countries? Hasn't the EU kept silent about the election stolen in Pakistan? Did the EU keep silent when hundreds of people were killed by the Pakistan Army in 2024 and 2025? Hasn't the EU kept the Pakistan 2024 election report unpublished for 2 years? Why does the EU support the Pakistan Army's illegal rule? Oh, and hasn't NATO been killing in Libya, Iraq and Afghanistan?
F-Droid is so irrelevant that it doesn't even begin to be targeted by supply chain and scam attacks. Being obscure always helps with this, but pretending that it's the same threat model is absolutely false.
The XZ utils backdoor made it into Debian repositories undetected, although it was caught before it was in a stable version.
Debian repositories are quite secure, but also pretty limited in scope and extremely slow to update. In practice, basically everyone (I'm sure there are a few counterexamples) using a Linux distro uses it as a base and runs extra software from less tightly controlled sources: Docker hub, PyPI, npm, crates, Flathub etc. It's far easier for attackers to target those, but their openness also means there's a lot of useful stuff there that's not in Debian.
Holding up Debian as a model for security is one step up from the old joke about securing your computer by turning it off and unplugging it. It's true, but it's not really interesting.
The XZ attack is an extremely rare event, likely coming from a state actor, which actually proves that GNU/Linux is a very important target. It was also caught not least thanks to the open nature of the repository. Also, AFAIK it wasn't even a change in the repo itself.
In short, using FLOSS is the way to ensure security. Whenever you touch proprietary stuff, be careful and use compartmentalization.
A large portion of which are using it in a feature phone capacity. Many only use smartphones because it’s what their carrier gave them after their old candybar dumbphone either broke or became unable to connect to cell towers.
The other groups are those who use it identically to how they would iOS (and don’t root or sideload), those that use it as computer replacement, and those who just like to tinker. Those last two groups are a tiny, tiny sliver relative to the others.
Especially once you start counting car entertainment systems, POTS terminals, digital signage, and hundreds of other classes of devices that are not general-purpose toys.
Significantly larger than the number of users wanting to sideload.
There are millions of people affected by targeted scams every year, significantly outnumbering the non-developer sideload community. Especially when you take into account that the sideload community doesn't all use Google Android and isn't affected by this.
Google already knows whether an app is being installed from an app store, such as F-Droid, or not.
Just like they allow installing apps from the Play Store without the 24h verification, they should allow installing apps from F-Droid or the Epic Games Store without verification.
They don't care about F-Droid but they do care to choke out any potential competitors to their ecosystem before they can get a foothold. See their behavior surrounding device certification for example. They want to abuse the network effects of their ecosystem to prevent consumers from leaving. This is just more of that - vendor lock-in masquerading as an unfortunate necessity.
F-Droid still works the same as it did before. This just means that McDonald's can distribute its apps on its website without showing a scary warning on install on Google's Android builds.
Likely true, but also many technically oriented people (myself included) would turn away from Android if F-Droid stopped working. And I would actively start recommending friends and family against it. What is the benefit of Android at this point? An extended ads platform, controlled by Google.