fwygon@beehaw.org 2 weeks ago
Looks harmless on the surface, but it is still, in fact, boiling a frog.
Thankfully the rollout seems fairly slow; should be enough time for most of you who find this concerning enough to switch to a custom ROM which eschews this safeguard.
With luck this will even be something we can turn off. I certainly would demand the ability to turn this security setting OFF even if it ships “Default - ON” to protect normal users who do not usually have a need to sideload unsigned apps.
I don’t like it myself. If we are not given a choice, I will likely flash my device over to an Open Source ROM that respects my privacy more.
For developers, this might be a good time to make sure that there are people who can “register” semi-anonymously and share the signing keys. Genuinely, I think something could be figured out, and private registrations could become a thing, where one person capable of registering simply vouchsafes a number of developers they personally know by sharing necessary signing keys where they too contribute to an app project.
I think the whole implementation can’t be immune to key sharing, and I do think it’s possible to have one dev deal with the devil…Google in this case.
While I understand some projects will rightfully not want to hand information over to Google, usually because they’re being legally attacked by Google, I believe it will be possible to simply use wider shared keys to misdirect and deflect any unwanted legal action.