> It seems like they will still allow installs, just hide it behind some scare text.

This was already the case for enabling sideloading at system level: it warned you. Nobody really says having this toggle is a bad thing, basically the user shouldn't get an ad network installing apk's just browsing around the web without their informed consent (and android has been found to be vulnerable to popunder style confirmations in the past).

They also already had the PlayProtect scanning thing that scans sideloaded APK's for known malware and removes it. People already found this problematic since what's to stop them pulling off apps they just don't like, and no idea what if any telemetry it sends back about what you have installed. There have been a handful of cases where it proved beneficial pulling off botnet stuff.

Finally, they also have an additional permission per-application that needs to be enabled to install APK's. This stops a sketchy app from installing an APK again without user consent to install APK's.

The question is: How many other hurdles are going to be put in place? Are you going to have to do a KYC with Google and ping them for every single thing you want to install? Do you see how this gets to be a problem?

No, because it isn't something that should be up to google's control.

Why is it reasonable that installing software is behind an "advanced flow" what ever that means? I find it not very reasonable at all that the only way to install software on my phone is by jumping through hoops. I don't think it reasonable that the Play Store is the only portal. I don't even find it reasonable to call installing software "sideloading". Downloading and installing software from a vendor's page has been the norm for decades before smart phones came along but all of a sudden when it is on a small screen the user can not be trusted? That's ridiculous and not at all reasonable.

The whole point of TFA, if you read it, is that they SAID they would do that, but there has since been ZERO evidence that they actually will. This feature is not present in anything they have released since that statement.

> It seems like they will still allow installs, just hide it behind some scare text.

That describes the current (and long-established) behavior. App installation is only from Google's store by default and the user has to manually enable each additional source on a screen with scare text.

> We are designing this flow specifically to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer. It will also include clear warnings to ensure users fully understand the risks involved, but ultimately, it puts the choice in their hands.

I've lived through them locking down a11y settings "to resist coercion, ensuring that users aren't tricked into bypassing these safety checks while under pressure from a scammer", and it's a nightmare. It's not just some scare text, it's a convoluted process that explicitly prevents you from just opening the settings and allowing access. I'm not giving them the benefit of the doubt; after they actually show what their supposed solution is we can discuss it, but precedent is against them.

> Seems reasonable?

No. As I said before, any solution that disadvantages F-Droid compared to the less trustworthy Google Play is a problem.

It's deliberately written to be vague and not say anything, and given the original intention, it's hard to believe that means it should be interpreted generously.