Note I'm mostly an Android user.
The fact that you have an anecdote does not make it a "big problem".
If you're sideloading apps and entering banking credentials into them, that's a human problem, not a tech problem.
I can go all day on these. Second one ... corp Android phone. App update ships own browser engine to display about box. Flaw in about box implementation allows user to hit Google. End user uses about box to exfiltrate data from device.
Not possible on iOS. Same browser engine and controls.
As mentioned I'm an Android user, just a better human than most when it comes to using the devices.
I'm pretty sure it is possible to use a web browser on iOS.
By the way: according to Kaspersky [1], last year there were 600 million downloads of malware that was installed from the Google Play store, without any sideloading or alternative app stores involved.
And of course the Apple App Store also is full of malware and shady stuff, think of all the Chinese IoT apps that are phoning home etc.
[1] https://www.kaspersky.com/blog/malware-in-google-play-2023/4...
I will add that I have a lot of unsigned APKs on my device as well, but not from those sources!
And when it comes to malware it's easier for those attackers to have the malware app on the Google Play store, as this way it's much easier to convince the user to install it...
A friend of mine recently suddenly had someone drawing money from her account using an ATM that was 200 km away while she was shopping with her card. I had a look at her Android phone - nothing sideloaded on it, they simply appear to have used a fake banking website to make her create a new card without her seeing it.
Long story short: I believe that people need to be taught how to detect social engineering attempts. And kids should be trained on this in school already.