What I don’t understand about this whole situation: why does it matter where commits originate from if you’re dealing with an open source project? Does the Linux kernel not peer review code? Can’t security researchers from around the world comb over the source code for vulnerabilities/malware? Or is this all just political theatrics?

They really seem like they made the decision internally to force everyone into their own app and kill off as many third party apps as possible, presumably for data collection/analytics. That would explain why they’re quietly ignoring third party app devs and other alternative solutions (like the paid user API key solution discussed elsewhere).