[VladStanimir]

I am not a app developer however from what I read on the android developer site you just need to provide some form of id, the singing key and the app id.

You don't have to distribute via the app store, you dont have to get Googles permission to publish the app or have them sign it.

This looks like purely app validation, we only run apps we can prove originate from the author.

[m-p-3]

So if Google doesn't like the app in question (such as ReVanced, NewPipe, etc), they can simply target that signing key to completely disable the app on all devices, even if it's not distributed by them.

Having the file signed by a relatively centralized authority makes it much easier for Google to gain control outside of their realm.

[huem0n]

Under that logic, even if the app is "malicious" it would still be possible to install it. And thats not true, if somthing is deemed malicious, its blocked. Is app that hurts Google's dominance "malicious"? Who is it that decides what is malicious?