alt Hacker NewsThe real issue is that mandatory registration doesn't actually stop scammers. It stops hobbyist developers and small open source projects.
Scammers will use stolen identities or shell companies. They already do this on the Play Store itself. The $25 fee and passport upload haven't prevented the flood of scam apps there.
Meanwhile F-Droid's model (build from source, scan for trackers/malware) actually provides stronger guarantees about what the app does. No identity check needed because the code speaks for itself.
The permission-based approach someone mentioned above makes way more sense. If your app wants to read SMS or intercept notifications, sure, require extra scrutiny. But a simple calculator app or a notes tool? That's just adding friction for no security benefit.
The permission problem also affects normal apps. Things like KDE Connect quickly become useless without advanced permissions, for instance.
No permission system can work as well as a proper solution (such as banks and governments getting their shit together and investing in basic digital skills for their citizens).