> Good, it shouldn't be two clicks for elderly people to install trojans on their phone that then drain their bank account.

And what makes you think that most scams involve fancy zero days/CVEs/hijacking the OS, and not simple social engineering?

You do not require a malicious apk to receive 2FA codes, or for the gullible user to read them aloud to the scammer. All phones come with an SMS and phone app.

You do not require a malicious apk to send transactions in banking apps (eg tricking people selling their product to send the money.)

You do not require a malicious apk to engage in a pig butchering scam, or to buy gift cards.

> There should be some explicit confirmation that the user knows what they are doing and they are not being scammed. It is long overdue.

I agree. Social engineering counters should have awareness raised by the governments. But blocking 3rd party apps for this is like using a cannon to shoot a mosquito. I'm not sure it makes the slightest of sense.