Suppose for argument this statistic were true. It still does not fully capture people's risk.

P(malware) = P(nalware | Google Play) * P(Google Play) + P(malware | non-Google Play) * P(non-Google Play)

It's the combination of both factors that counts. Even if Google Play has a lower malware rate, a user is still far more likely to try to install apps through Google Play given the sheer size of its catalog and its prominent, default placement on people's devices.

I mean, I’m sure “Fortnite with infinite vbucks.apk” has a much worse malware rate than the play store, but I’m almost certain that fdroid has a lower malware rate than the play store and I honestly suspect even “random apks off github” might have a similar rate to the play store