TL;DR
- Google is adding an additional layer of security when installing an APK or updating an app through an APK.
- A PIN or biometric authentication will now be required in certain cases.
- This will be the case for APKs that Google thinks are malicious or didn’t come from the Play Store.
I see they’re looking to kill F-Droid.
I doubt Google cares about F-Droid in the slightest. Practically nobody uses it there are barely any useful apps on it for 99% of their user base and the mediocre user experience will help prevent it from ever becoming real competition.
They do care about the random APKs people download to “upgrade their WhatsApp”, though. Same with the piracy market places loaded with viruses. Those give Android a bad name.
Android has a massive virus problem because sandboxing doesn’t help when nobody has learned how to use computers safely. We had this problem in 2004 and Windows solved it mostly by having an aggressive antivirus engine built in and SmartScreen showing scary warnings for every executable downloaded off the internet. It makes sense for Google to do the same, because it works.