Comment by stockresearcher

fdroid is based in the EU and the Cyber Resilience Act was already going to force them to either make their filters more strict (absolutely prohibit anything with any sort of "monetization"), or start collecting this data.

If they have anything on the platform that is subject to the CRA, they are a distributer:

https://www.cyberresilienceact.eu/cra-guide-for-importers-di...