[cbolton]

> Why is Google the arbitrator of risk here ?

Because they do the monitoring and take some responsibility? I'm just comparing "install from the Play store" with "install some apk from wherever". If you bring additional context/knowledge of course it makes a difference.

[immibis]

Risk and responsibility are different. Monitoring, responsibility, those are just silly words with semantic games since Google's store is full of malware while F-Droid is not. Google's store is the risky one, and the words on their compliance statements are irrelevant to that fact.

[cbolton]

I don't feel like I'm the one playing semantic games here, I'm just arguing that the term "sideloading" is a useful distinction vs "installing through the main channel" (whatever that is: could be the Play store, or F-Droid, or Huawei App Gallery).

Google's store has malware, but the point is there would be even more if Google was not monitoring the apps there. The store is less risky than getting apks from the wild web, TikTok, etc.

Sure F-Droid is safer (as you would expect from a curated store of a few thousand open source apps compared to a store with literally millions of apps). But I wouldn't call that sideloading either when it's your regular channel to get apps.