Sure, vetting apps can be quite efficient at preventing malware.
But if a sideloaded app can do significantly more harm than just visiting a malicious website (which a scammer can already direct a victim to do), maybe the OS is providing too dangerous (or coarsely-controllable) permissions via its APIs?
But if a sideloaded app can do significantly more harm than just visiting a malicious website (which a scammer can already direct a victim to do), maybe the OS is providing too dangerous (or coarsely-controllable) permissions via its APIs?