Yes, trusting a store like fdroid is the ideal case. However, most uninformed users would come across an apk file on their browser, trust Chrome, and then Chrome will happily install anything.
The sad part is users being trained to just click away those warnings. Installing one of the few big & trusted third party stores should not require me to go through the same warnings as getting an APK from some random third party page. Though obviously Google won't be willing to grant that much control to a third party, even if revocable.
> Installing one of the few big & trusted third party stores should not require me to go through the same warnings as getting an APK from some random third party page.
Honestly I think there should be a distinction between normal permissions and permissions required to install other APKs.
AND I think it should be more cumbersome to install an APK that wants permission to install other APKs.
If you mean windows, perhaps to an extent. On linux though, it is straightforward to do fine grained management of gpg keys for repos/ppas etc. Essentially, from the end user's standpoint, what you want chrome to ask you is "Do you trust developer Foo for the app Bar?", not "Do you trust chrome to install software?"
