(2) Traceability. git has secure hashes, and things can't change when you're not looking.

My experience is that Google cares deeply about its own security, but not much about the security of its users. This sort of change is reasonable, but completely outside of Google's psyche. Google will

(1) Silently disable Android updates, leaving many running exploitable phones

(2) Hold back security tools for Google Apps without a premium subscription. If your account was compromised, you have no way to do audits to understand what happened without $$$, which leads to many more attackers.

(3) Expires Chromebooks rather quickly. Fortunately, unlike Android, it lets users know, but given the target market, many can't afford to upgrade.

(4) Runs appstores full of malware. When malware is discovered, users have no way to know what it did. They're just notified malware existed.

(5) Doesn't allow any sort of reasonable sandboxing of Android apps. If an app asks for filesystem, maps, and other permissions, you need to agree to run the app. I can't have Android give a dummy location or otherwise

Given that the bulk of Google's business model is built on mass surveillance for advertising, with users-as-statistics, this isn't too surprising, but it's something to be aware of if you use Google.

I firmly believe in civil liability for software companies which ship insecure products. They shouldn't be able to externalize costs like this. Follow good security practices, or your insurance premiums go up.