Apps not in google play store but play protect recognizes their developer

Question

When the play protect says "it do not recognize the developer" when installing the application it means it has not seen the signature used in the application before in any play store application right?

But I have a question, we all have seen certain apps that are not in the play store but we use them now and then.

For example, we have the Fortnite mobile app, I looked into the web about the reason why it's not in the play store and there I found that they distribute the apk from their website directly because they do not want to pay google play the 30% of the in game purchase ammount that they charge from every application for advertising the application and distribution of the app.

There is also the F-Droid application that lets you download other open-source applications which are not available on the play store.
And many others like AdAway, Lawnchair, Venced Manager etc.

There are also modded applications of Prime Videos, Netflix, Spotify and completely separate apps like HotFlix, TeaTv etc. similar to them.

When we install these apps from outside the play store we don't get any error saying "Play protect doesn't recognise this app's developer, apps from unknown developers may be harmful".

So my question is do they use any signature that is for general use which is also known to google play protect like those open-source licenses we see in github while creating a new repo? or do they all have uploaded their apps in the play store and got banned, denied their policies, or something else?

I am asking this question because I could not find a satisfactory answer anywhere and nobody writes about it anywhere, if there are any mod creators reading this then they can help me out too 😉.

Note: Turning the play protect off is not a solution and I don't do that while installing other apps mentioned above so don't reply with that 😊.

Answer 1

When you release a signed .aab file to Google Play then it will be from a signed Google Partner, (I think that is what it is called). If you download an app that has not been cataloged as an Approved Signature with Google Play, then it is considered side loading.

Side loading is basically installing and .aab or .apk file that has not been verified by Google. So when you side load (install app away from Play Store) Google doesn't recognize the signature. So therefore it says this app is from an untrusted source.

So basically it boils down to whether or not Google has reviewed and approved the signature. This just a security measure that Google puts in place so that it categorized the signature as trusted or not trusted.

It's the same with desktop applications. If it doesn't have a certificate then it's from an unknown publisher.

So with Fortnite the reason why it's not on the Google Play store is because of Google Policy violations with Epic Gaming. So since they would not correct the violation of policy they were removed. So now Fortnite has an .apk file that will run on Android but it is no longer an approved signature in the Google Play database.

That's why Fortnite says it's an untrusted or unrecognizable signature. So it boils down to whether a signature has been added to the database.

You can go into developer mode on your phone and turn on the side loading option and you won't get that message.