upvote
>and having a certified developer program with heavily locked down run mode for the 1% of high security apps like banking and payment apps.

How do you determine/enforce whether an app is a "payment app" without a centralized developer program? They don't require any special privileges. After all, most banking apps have web equivalents.

reply
How does Android know if an apk that nobody has ever seen before is a payment or banking app?

You could probably restrict "risky" APIs like draw-over-other-apps, but tbh I think that would be a worse solution than just making people wait 24 hours once.

reply