I suspect that this is less driven by users and more driven by institutions. Banking trojans distributed via sideloading are a big problem. Banks are unhappy that their users are getting their shit stolen because some other app is squatting on 2fa codes or whatever. They'd rather that their apps are not installed alongside apps that are more likely to be malware given that there isn't a private channel for auth codes for the vast majority of users.