(no title)

You already get a pretty scary warning when you try to install an app that was downloaded outside the Play Store. If people still install malware, that's the responsibility that comes with freedom. Your line of reasoning can be applied everywhere in life - people should not be able to do their own bank transfers or use a credit card, I know several people that who have been scammed already.

Moreover, there are better ways to protect against malware: 1. educate people; 2. rather than using whitelisting, use blacklisting (similar to XProtect on macOS).

Finally, the argument is not very strong on Google's side, since the Play Store itself has had its history of scams. Which, again is easier to protect against by educating people. No, don't put your banking information in a random app you downloaded from the Play Store (use the app that your bank tells you to). Do not install random keyboards from the Play Store. Etc.

> It is little surprising a lot of smart people somehow miss this simple logic.

Is it that people "somehow miss this simple logic", or is it that they weigh security and freedom differently than you?

This is "think of the children/grandma" logic. There is a different between maintaining a company store where everything is verified, and forcing everyone to use it.

Google shouldn't be able to hold a vertical monopoly, on what apps can run, what os's are allowed and what hardware can be used on devices that run Android, rest solely on this weak excuse that someone might harm grandma.

Oh, and of course, if grandma gets scammed by a app in the Google store, Google isn't in any way held responsible. Such garbage, two-faced bs.

That argument falls apart when you consider that:

1. The ownership of security can be entrusted with the user. For example, if the user wants to install a 3rd party app store that doesn't use developer registration, they should be able to do so. The consequences of that decision should be on the owner. FDroid is one such app store. But I trust it over play store any day.

2. Careless users can be prevented from making such decisions, and capable users can be prevented from making mistakes, by careful UI designs that provide copious warnings and require deliberate actions. We have plenty of examples for both. An example for a system that prevents mistakes with warnings is the certificate trust override in browsers. They allow you to override rejection of untrustworthy certificates, but not before you read a lengthy warning message and click a couple of buttons. Similarly, an example of a deliberate action is when you want a repo to be deleted on github or gitlab. They force you to type in the repo name as confirmation. Not only does it take multiple key strokes, it forces you to review what you're actually deleting.

> Google is not doing this to harm developers but to protect their users.

No. Google is doing this to satisfy their insatiable appetite for profit growth by squeezing their current revenue streams. This protects no one, but their shareholders and top executives. I'm a bit ashamed to have to explain this on HN.