alt Hacker NewsMaybe? Let people form CAs, and if a CA gives out certs for malicious apps remove them. (Old apps continue to work, to publish new one get new cert.)
Yes, sad, but works.
People will learn about scams, but scammers are unfortunately a few steps ahead. (Lots of scammers, good techniques spread faster among them than among the general public.)
If "they" is Google, this is just a really pointless middleman proposal. Android does all the cert stuff.
Also Chrome trusts like 300 CAs. Does that work? Probably not if you live in 200 of those countries.