On the one hand...good.
On the other...what could possibly go wrong?
Google says Android will no longer require an internet connection to check whether applications are legit or potentially malicious. From now on, the Play Store will embed metadata into apps' APKs that will be used to check whether or not the software is authentic, and confirm whether it came through the official Google souk or …
This further encourages peer-to-peer sharing "APK file sharing" instead of curbing it. It creates a false sense of security.
The problem is that malware might one day find a way to dodge the offline crypto check. This will exploit the sense of security advertised by Google while rolling out this feature and push malware distribution further.
> This further encourages peer-to-peer sharing "APK file sharing" instead of curbing it. It creates a false sense of security.
I am not convinced by the false sense of security argument, and how is peer to peer sharing a bad thing? In some places, that is the only practical way of actually sharing anything. This is not just academic, see: https://blog.grobox.de/2017/how-f-droid-is-bringing-apps-to-cuba/.
(As a very marginal note, the author of the above blog is one of the core contributors to Briar, which is what you want if you actually need an actually secure messaging solution, unlike those running high on hype and marketing which I shall not name, and especially any "solution" that may come from the US)
> do you know what algo is used?
For which part of the stack?
Description of each component may be found in the wiki.
Last year's security review is at https://briarproject.org/raw/BRP-01-report.pdf.
Even if it encourages more people to share binaries, it should prevent as many malware-infected ones from being there. For me, that will be a benefit. I tend to prefer having no Google account set up with an Android device and avoiding the Play systems entirely, but there are things I can't get in F-Droid. For example, some Google packages are useful to me but don't come installed. I just have to hope that whatever site I get the APKs from hasn't infected them (by the way, anyone know whether there are some trustworthy APK collections out there?). For me, this will be somewhat helpful.
I would imagine that in fact it will present you with dire warnings of all the terrible things that could happen if you continue, but will still allow you to run it. A bit like Chrome when you go to a site with a self-signed (or worse, a self-signed and expired) certificate.
Apples to oranges. These are all desktops and laptops.
Smartphones are ubiquitous mobile devices which collect huuuuuge amounts of data about you.
Malware spread on these is much more dangerous.
And having no App Store just makes malware writers' lives easier and gives them a bigger market of the great unwashed.
TL;DR: As if the desktop and laptop aren't enough malware vectors.
OK OK, I'll go back to the decades of DOS and Windows 95 (and earlier). The App stores were called Tandy Electronics, JB Hifi, Dick Smiths Electronics, Game World, Computer Land, etc.
They might not have been online, but you bought your "apps" in them.
But most of them do have app stores. It's just that all apps are free and you can go elsewhere. Really, for those installing Apache on a Linux box, how many do you think went and downloaded a source or binary from Apache's site, and how many did apt/yum/pacman install apache2? That's usually more convenient, so that's almost always what I do if I want something straightforward (just the default version) or running as a service, rather than just something to run myself.