alt Hacker NewsAgree with this middle path you point out. On one hand, I do not want some apps to be distributed anonymously, I need to know who is behind it in order to trust the app. On the other hand, many apps are benign.
Permissions are a great way to distinguish.
Do you need Google to compel the author to start a business relationship with them, which they can cut off at any time?
Or would you be OK knowing that Thunderbird you downloaded from https://thunderbird.net/ is signed by the thunderbird.net certificate owner?