"Sideloading" is the rentseeker word for "being able to run software of your choosing on a computing device you purchased". There is no reasonable case for an operating system developer having a say over what programs you run on your hardware.

#Android #Google

@Gargron the review process at Google can be a PITA, but for a good reason. Permissions to access more than an app really needs can be exploited for harvesting private information on a seamless update that most won't even notice. Side loaded apps downloaded from say APK mirror can have been tampered with using smali edits and you won't know. What Google should do is certified dev signing keys to trace and confirm if an APK is legit or not and coming from the actual dev, regardless of being side loaded.
@denzilferreira @Gargron so why don't we do this on Windows or Linux then, both OSes by default don't even have a permissions system and give applications near full access to the device
@Chickerino @Gargron that's not true, you do need to raise admin rights to install something not digitally signed on Windows, and admin credentials to install on Linux. On Linux you have Flatpaks that do have permissions in place, and the software runs on a sandbox with only access to what you allow. Windows does not do any of that - hence I'm not gonna even recommend it.
@denzilferreira @Gargron that's why I said "near" everything, for example on Android you need to give permission for the app to be able to access your files outside of the app container, Windows by default lets every app access every file that your user has access to, I think that's a bit stinky
@Chickerino @Gargron yes 😅 btw Google is doing exactly what I said: verification of dev certificate on the .APK allowing you to side load authentic apps. Only unverified .APK are blocked https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/

@denzilferreira

Denzil, nope. G****e demands you give them your private app signing keys, breaking any trust chain this way.

@Billie we are talking about Google Certified devices here. Google is the root trust CA, and as a developer that wants to publish on the Play Store, you want people not to be able to side load malicious versions of your app. That's what this is about. If you put your own ROM, without GMS, nothing stops you from side loading APKs. It is the same for iPhones. This will affect and prevent the spread of malicious software and ransomware that scammers use.

@denzilferreira

Giving away your private signing keys breaks any trust chain. It is just the opposite.

@Billie I guess Google only needs the pub key to verify your identity, true.

@Billie @denzilferreira except #Google has no right to demand that control to begin with!

  • They have forfeited their control the moment a person ticks the "allow unverified app installations" setting in Android.

Remember: "Know Your Developer" IS the illicit activity!