Regarding Google, looks like it’s in the pipe yes, Fushia is non-GPL (permissive licenses, so no redistribution clause in case of a sudden licensing switch).

Code signing for EXE is already a thing. And @DFX4509B@lemmy.wtf is right, the same thing is happening there. Restrictions are getting more inconvenient, with Microsoft now talking about a maximum code signing certificates validity of 72 hours, with identity verification getting more strict too. Valid code signing certificates are not mandatory yet but I guess it’s a matter of time before we need to type powershell commands to disable restrictions.

There are Wireguard clients that connect based on wifi / mobile status. On f-droid WG Tunnel, WG Auto Connect, or Rethink should do.