> Our recent analysis found over 50 times more malware from internet-sideloaded sources than on apps available through Google Play.

Maybe they could make non-Google-Play-Store installed apps become installable only if the device owner toggles a switch which enables doing this risky thing?

Maybe some toggle in the developer options? And make the developer options accessible only if a user taps several times on the Android version label in the settings?

And show a message after every reboot that both of these settings are enabled, as a warning?