I am perfectly ok with android apps being required to be signed by not just a certificate (they always were just it could be self signed and just needed to match to upgrade without removing data) but a list of trusted entities.
As long as:
I can install my own key on my phone (I'd I am trusted)
major distributors like fdroid and have a key installed without friction (like web CAs)
Google let's me mark their key as untrusted (I probably won't but I should be able to refuse things they trust (at install time, not disabling preloaded apps like settings)
Without this it feels too much extending the monopoly despite being forced to allow 3rd party stores.
I am perfectly ok with android apps being required to be signed by not just a certificate (they always were just it could be self signed and just needed to match to upgrade without removing data) but a list of trusted entities.
As long as:
Without this it feels too much extending the monopoly despite being forced to allow 3rd party stores.