Did anybody else have this? I don’t have an explanation atm. KDE Connect was installed via F-Droid and I used it since at least 2 years without any issues. I hope this is just a f*** up by Google and not indeed a malicious app that somehow made it to the F-Droid store.
I doubt it. Why would they care? I guess the amount of Android users who have another store installed is below 0.1%.
F-Droid itself didn’t make a good impression also. I recently got a new phone and before installing F-Droid I tried to validate the APK. F-Droid itself links to a site with signing keys and checksums but none of those checksums matches the APK they offer on their site. And while the PGP validation itself works, it’s a bit strange that they tell you “The warning about the key not being certified with a trusted signature can be ignored.”
Anyway, I’m curious if I get the same warning on the new phone on the next Play Protect scan.
Another quick update: I just fired up my old OnePlus 6 and guess what? Yeah, app removed!
My best guess right now is that the apos in the Pixel 4a and the OP6 were just outdated. F-Droid update notifications never worked for me on any phone.
Yeah, it’s also still available on F-Droid. I installed it from F-Droid on my Pixel 7 a few days ago and Google Play Protect has no complaints here. That’s why I think that the app was just out of date on the other two phones.
edit Still strange that it explicitly says “fake”.