I do talk to computer users and they do fear making installations. Many of them have installed something that was adware or a virus, often without meaning to, and regretted the results. I have been helping my family and extended family members fix their errors for a long time. This pushes them to big names with names to spoil.
I suspect that the GP is, as you write, lamenting the lack of attention to the topic.
> This is fearmongering logic that doesn't really defend the App Store
I agree it doesn't defend the app store. It wasn't about the app store at all. It is about the social problem of the persistent existence of people who choose to purposely do others harm. The problem for most people isn't the app store but those who attempt to get exploits and quasi-exploits into the app stores.
I also agree that you still have to be cautious when using the app stores. Are you claiming that the app store controls do nothing to reduce the presence of malicious apps in their stores? The article you link starts by noting that the app was removed the day after that post was made. That is exactly why people feel more comfortable using the app store.
> the app was removed the day after that post was made
LastPass has been downloaded in excess of 50 million times in the past 10 years. As many as 10,000 users could have installed the app and turned over their credentials to the trojan version in a 24-hour period. If your manual review takes a day to respond, it's already too late at Apple's scale.
> That is exactly why people feel more comfortable using the app store.
Then why does the App Store represent the minority of software sales on platforms like macOS, where users are given free rein to download whatever they want? It seems like users are overwhelmingly uncomfortable sticking to the App Store, if you take their actions and spending into account.
Apathy seems to be the best explainer here. Users don't care about security at all, they are just consuming whatever is put in front of them. That's why social engineering like LastPass works, and it's why you see people ignore systemic backdoor efforts like Client Side Scanning and Push notifications. They might be afraid of getting hacked, but it's plainly clear that none of them care enough to make a change in their lifestyle.