fooqux 11 hours ago

I feel like this is semantics. I don't know all of what they say, but I'd eat my breakfast cold if the word "safety" didn't come up in the PowerPoint deck. We may have to agree to disagree on this.

My point was that this is the direction the world is moving to. Maybe it's not total coverage yet, but every year more and more of our stuff only operates with verified trust through the entire process. Everything from video games to movies to programs. We're already sitting here complaining about Google enforcing developer verification, how long until Google turns on play integrity by default? And then how long until it's the only option? It'll come if something doesn't change.

And I still agree with the post way up above that these devices are too important now. I don't care about Google's interests here.

palata 4 hours ago

> My point was that this is the direction the world is moving to.

And I agree with that, but it feels to me like it reinforces my initial point: fighting the Google flavour of Android is a lost cause.

> We're already sitting here complaining about Google enforcing developer verification

Which isn't a problem on alternative Android OSes like GrapheneOS.

> how long until Google turns on play integrity by default

Agreed. The solution is to be able to use an alternative Android OS like GrapheneOS :-).

> It'll come if something doesn't change.

And what needs to change is that regulations need to make it illegal to actively choose to ban alternative Android OSes.

The thing with regulations is that you need to find something applicable. When people complain about centralised systems and lobby for regulations that will help their federated system, without even debating about whether or not the federated system is "better", the fact is that it is not applicable. It is not reasonable to say "so now, if you write a messenger app, it has to use the Matrix protocol because Matrix convinced us of it". If I want to write a different protocol, I should be able to do it, right?

But what I am suggesting here is both reasonable and applicable: currently those banks have to add code to their app in order to ban alternative OSes. If a regulation makes it illegal, they just have to remove it, and banks who don't have it yet just don't add it. It's easy to verify: if my banking app doesn't boot on GrapheneOS, I can complain to the regulator, and the regulator can trivially verify it.

Same thing for allowing the bootloader to be unlocked/relocked: super easy to verify, a regulation would work great.

Now back to the article: what are we asking? That the process of installing an unverified app manually is not made "so hard", with "hard" being some variant of "it's terrible if I have to wait 24h one time in order to enable this", for something that approximately nobody does. Look at all the effort that has been put against this change... and again they will lose. And if they managed (very unlikely) to get regulation for that, they would be screwed next week by the next change.

That's why I say it's the wrong fight: not only is it a lost cause, but it is strictly less useful than the simpler solution of defending alternative Android OSes with simple regulations.