@windlion wrote:
Not disagreeing re two factor authentication, startled to learn that remote Google Play installation without local phone control is enabled by default. Basic security ethic is reducing attack surface for any system to the minimum needed for the functional requirements -- I do not need the capability to install apps without having the phone in my hand, and would be surprised to learn that more than a few people do use such a "feature".