Google has a pretty good legal team. Their developer ToS absolves them of any sort of liability for anything. So this means VW is just being lazy and not seeking legal protection.
It will look better for the project lead if there's an issue though. You can say that you enabled everything recommended by Google or w/e, following best practices, and still got pwned instead of arguing that your own security model had a tiny little flaw that no one recognized. And it frees up project hours which can either be the difference between doing the project or not doing it and/or allow you to have other project work billed to this project.
They don't care about legal recourse. If there's something wrong, they'll just change the laws. That's why they don't care about GrapheneOS users, or any EU regulation which could harm them.
When they leave the "security" to the platform they can blame them in a lawsuit.