Android shouldn't be considered Open Source anymore, since source code is published in batches and only part of the system is open, with more and more apps going behind the Google ecosystem itself.
Maybe it's time for a third large phone OS, whether it comes from China getting fed up with the US and Google's shenanigans (Huawei has HarmonyOS but it's not open) or some "GNU/Linux" touch version that has a serious ecosystem. Especially when more and more apps and services are "mobile-first" or "mobile-only" like banking.
The computer owner in (a) is not creating "malware". Any arguments that "verification" is for the protection of users (not commercial benefit of Google) are inapplicable in (a). Unlike the software in (b) the software in (a) only runs on the computer owner's computer, not anyone else's computer. There is no need in the case of (a) for Google to know about what software is running on the computer owner's computer.^1 Surely Google would agree there is no need, i.e., no right, for a computer owner seeking "verification" to know what software is running on Google's computers or the identities of Google employees.
1. None that outweighs the owner's right to privacy. Microsoft, Apple and Google all use _default_ telemetry
https://gist.github.com/alirobe/7f3b34ad89a159e6daa1
https://github.com/cedws/apple-telemetry
https://apple.stackexchange.com/questions/437068/eliminating...
https://therecord.media/google-collects-20-times-more-teleme...