[Feedback] App installs: share your experiences & suggestions

I agree with the others, especially on those points:

• App versions can be managed per MDM
• App-Op Permissions can be allowed for Work Managed per policy

We primarily use COPE devices and prohibit sideloading, as this is one of the highest security risks. A few users are bothered by this because they would like to install apps from the F-Droid store in a private context.
At the end of July, a “southern German” newspaper wrote about european (/open source) solutions. Almost half of the article was about Google Play (vs. F-Droid) and Android (vs. e/OS). Unfortunately, the article treated “open source / data protection” as synonymous with “security” and made some interesting statements like "Safer app store: F-Droid instead of Google Play". When people read something like this, they tend to believe the statements at first and don't question them.

Currently, sideloading can only be generally allowed or prohibited. If you wanted to offer alternative app stores, you would have to be able to whitelist individual apps for sideloading/app installations. However, this still presents a chicken-and-egg dilemma, because the store itself must first be installed via sideloading. This installation in particular must be trustworthy, otherwise someone could slip in a manipulated app and cause a lot of damage. 

I can't think of a good solution, but we keep getting questions about the F-Droid store. I get why people want open source apps without tracking or ads. But for security reasons, we always have to say no to these requests.