HN tends to forget that linux is not a target for general malware because nobody gives a single fuck about linux as a real malware target because they're smart, and therefore not the target of most scams. HN has the cute attitude that technology is king and that as long as you inspect it and open source it and care enough and have full control, then that's enough. Often the same people ignoring that AI has made it way easier to fuck stupid people over with no effort at all.
I don't not want unlimited control over the hardware that I buy from vendors like Google but I don't know yet of any better way to keep stupid people from kneecapping themselves other than introducing harder and harder quizzes. If you think it's an advantage that third party vendors like f-droid are absolved of responsibility then you deserve and own the fault when you get hacked and fucked over. Most people don't want that. They have real life to deal with. In real life you can kill people or sue them and it's harder to kill people over the internet.
"I am responsible for my own actions" mode.
You click that, the phone switches into a separate user space. Securenet is disabled, which is what most financial apps rely on.
Then you can install all the fun stuff you want.
This is really a matter of Google not sandboxing stuff right. Why the hell does App A need access to data or notifications from App B.