
This is actually a big problem on Android. My ex-father-in-law literally had his bank account ripped off (£18,000) by a rogue app installed from outside the app store. And Google's stewardship of the Play Store is terrible.

Note I'm mostly an Android user.




>This is actually a big problem on Android.

The fact that you have an anecdote does not make it a "big problem".

If you're side loading apps and entering banking credentials into them, that's a human problem, not a tech problem.


ALL problems are human problems. Don't try and write this off with that one.

I can go all day on these. Second one ... corp Android phone. App update ships own browser engine to display about box. Flaw in about box implementation allows user to hit Google. End user uses about box to exfiltrate data from device.

Not possible on iOS. Same browser engine and controls.

As mentioned I'm an Android user, just a better human than most when it comes to using the devices.


> Not possible on iOS

I'm pretty sure it is possible to use a web browser on iOS.


The web site whitelist is global on iOS if all engines are Safari. As are any VPN tunnels. Which is the issue.


Uh, no it isn't. Otherwise Screen Time would work in browsers other than Safari. Maybe corporate limits use a different system and checks, but that would be silly.


Ignoring this kind of absurd distinction is what made Apple the most valuable company on earth. (That doesn't justify their behaviour in this case, as PWAs are a secure alternative to sideloading.)


That story sounds rather fishy. So your father has found the hidden option to enable developer mode which allows APKs to be sideloaded, and then went to some website to download and install an APK?

By the way: according to Kaspersky [1], last year there were 600 million downloads of malware that was installed from the Google Play store, without any sideloading or alternative app stores involved.

And of course the Apple App Store is also full of malware and shady stuff; think of all the Chinese IoT apps that are phoning home, etc.

[1] https://www.kaspersky.com/blog/malware-in-google-play-2023/4...


Yeah, he was persuaded to do it, ironically (considering YT is Google) by a video on YT that was trying to sell him VPN software. I blame the paranoia from the constant VPN industry ads being forced down your throat, really, but the point is that it still does happen.

I will add that I have a lot of unsigned APKs on my device as well, but not from those sources!


OK, but then we are talking about social engineering, and not a technical matter. Social engineering works no matter what the platform is. The caller could have convinced him to give him banking TAN numbers, or send them money, etc.

And when it comes to malware it's easier for those attackers to have the malware App on the Google Play store, as this way it's much easier to convince the user to install it...

A friend of mine recently had someone suddenly drawing money from her account using an ATM that was 200 km away while she was shopping with her card. I had a look at her Android phone: nothing sideloaded on it. They simply appear to have used a fake banking website to make her create a new card without her noticing.

Long story short: I believe that people need to be taught how to detect social engineering attempts. And kids should be trained on this in school already.



