Hacker News

rpdillon, yesterday at 2:04 PM (2 replies)

It's not clear at all that a scammer is on the phone, instructing people to click through every warning that they see while sideloading a malicious app. As I stated up thread, the majority of these scams are happening through apps in the Play Store.

To address your question, there should be a straightforward option during device setup. If you're first attaching your account to the device, you simply check a box that says this is an advanced user's phone. You can put it behind the same kind of scary pop-ups that web browsers have when they're about to serve you an HTTP page, or when the HTTPS certificate is self-signed.

It's the most obvious, straightforward, user-friendly approach, and it was never even discussed.


Replies

Taterry, yesterday at 11:20 PM

> It's not clear at all that a scammer is on the phone, instructing people to click through every warning that they see while sideloading a malicious app.

Google claims this to be a very common or majority attack vector.

"The Global Scam Report also found that scams were most often initiated by sending scam links via various messaging platforms to get users to install malicious apps and very often paired with a phone call posing to be from a valid entity."

https://security.googleblog.com/2024/02/piloting-new-ways-to...

> If you're first attaching your account to the device, you simply check a box that says this is an advanced user's phone.

I completely agree this is a perfectly valid solution, but what about those who already set up their device? The security of the checkbox only works if you click it before someone attempts to scam you.

lucb1e, yesterday at 2:06 PM

> the most obvious, straightforward, user-friendly approach, and it was never even discussed

Fwiw, it was "discussed" in the sense that the person we're arguing with meant upthread ("let's discuss a good solution instead of this boring repetitive outrage"), but it's not like Google listens to that, so any such discussion is pointless anyway. It is indeed the obvious solution and it comes up in each of these threads, but believers like GP can always find new rationalizations of why Google doesn't implement one proposal or another.