The problem is that there are very good reasons to have specific authoritative app stores/package repositories. and it is a lot harder to have privileged and unprivileged accounts on a phone versus a computer.
But yeah. Something has to be done about that since it is the fundamental issue with mobile devices.
The issue is less the app store itself and more the applications in it. Because while I agree that basically everything should run sandboxed unless specifically given permission, the problem is more about sourcing the apps themselves.
Google and Apple are far from perfect but they do a good job of protecting big companies. So if you download "Chase bank app" with 12 million stars from "Chase bank company" (like, their actual account and not just me half assing it) then you can pretty much trust that is legit. Whereas downloading that on a random app store you bought so you can play pubg mobile locally or whatever nonsense people were doing? You can pretty much trust that it is not legit but most people won't understand that.
In a perfect world? I would love it if people got into a habit of checking hashes (which, is an inherently flawed approach but "works pretty well" if you aren't already compromised) and so forth. As it stands? There are very good reasons to just tell grandpa to not install random APKs he found on the internet.
Exactly. I don't even use the Play store on GrapheneOS, I use Aurora to get apps from Google Play, and F-Droid for everything else. I don't even have Google Play services running at all on my main profile, it only runs on my "work" profile because I need an app that needs it.
Congrats. You just volunteered to teach all the boomers (and the zoomers who can't do anything that isn't google docs) how to set all that up and maintain it
Then to switch, there will be a new icon next to the Settings icon when you swipe down. Tap that and select the profile you want.
I use GrapheneOS, which ships w/o Google Play by default (installation process is a little trickier, but still easy), but most phones won't have an option to uninstall Google Play since it's a default system app. But if have managed to install GrapheneOS, setting up a profile to quarantine your Google Play apps is pretty easy.