alt Hacker NewsIt's not obvious to me that this will help much with scamming. Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
Replies
Play Store being a cesspit is indeed a problem! But it still is making a constant effort to drive away scammers, so scams don't last too long there. Scammers show sleek-looking web pages offering to install an "official app" from their own apk. Or they have an app that clandestinely sideloads another app. This is being curbed.
But it's limited to a one-time action, not encumbered by additional papers or payment. I don't foresee any trouble using F-Droid (which I use a lot) after I have dismissed the scary screens and confirmed that I know what I'm doing.
>It's not obvious to me that this will help much with scamming.
Because as a reader to this forum, you're probably more tech savvy that the average person. Moreover this type of scam seems to be more common in Asia than the West, see:
https://cdn.economistdatateam.com/videos/cyber-scams/fake-vi...
https://www.economist.com/interactive/asia/2026/04/10/scam-i...
They convince users to download a "government app", grant it accessibility permissions, then use that to take over their phone and drain their bank accounts.
>Especially when it affects safer app repositories like F-droid more than the cesspit that is the official Play store.
Where do you draw the line? If you whitelist f-droid, do you have to whitelist third party f-droid repos too? What about other app "stores" like obtanium? Moreover f-droid being less of a "cesspool" is likely because its reach is smaller, not because it has better moderation.
F-Droid is not a safer app repository:
https://privsec.dev/posts/android/f-droid-security-issues/
And most Android banking malware is distributed through unsafe sideload installs (as opposed to much safer Gatekeeper-style installs, which is what is coming) and are fed to victims through complex attacks involving obtaining a victim's personal information and calling them while credibly pretending to be a local authority or a bank representative. You can read about this wherever you get news about cyber crime.
This is a scourge in South East Asia and Google can do some good here. The only cost is whining from non-technical people. Everyone else will go pay $25 or whatever and sign their app.