On most Android devices, sideloading is turned off by default such that the device will block any APK not downloaded through only Google Play (or the Galaxy Store, if you’re using a Galaxy). You have to go into Settings > Apps > Special App Access, check a box usually labeled “Install apps from unknown sources”, and acknowledge a warning before you can turn on sideloading; on my Pixel you can even restrict it to certain sources (I have it turned on for Chrome, Fdroid, Firefox, Files by Google and Google Drive, but not for other apps such as WhatsApp, TOR or Gmail). And most Android users who sideload apps do so through a third-party app store like Fdroid or the Amazon App Store, or through a developer they already know and trust. Honestly, I feel like I’d have to be actively looking through the dark web to get close to downloading malware.
I also want to point out that if you have a Mac or MacBook, it enables sideloading by default (hence why you can download apps like Word or Firefox or Spotify). If you want to disable sideloading so the user can’t download apps outside the macOS App Store, you have to go into Settings > Privacy & Security > Security, then under “Allow apps downloaded from” change it from “App Store and identified developers” to “App Store”. The only major desktop OS that has sideloading turned off by default is, ironically enough, Chrome OS.
On most Android devices, sideloading is turned off by default such that the device will block any APK not downloaded through only Google Play (or the Galaxy Store, if you’re using a Galaxy). You have to go into Settings > Apps > Special App Access, check a box usually labeled “Install apps from unknown sources”, and acknowledge a warning before you can turn on sideloading; on my Pixel you can even restrict it to certain sources (I have it turned on for Chrome, Fdroid, Firefox, Files by Google and Google Drive, but not for other apps such as WhatsApp, TOR or Gmail). And most Android users who sideload apps do so through a third-party app store like Fdroid or the Amazon App Store, or through a developer they already know and trust. Honestly, I feel like I’d have to be actively looking through the dark web to get close to downloading malware.
I also want to point out that if you have a Mac or MacBook, it enables sideloading by default (hence why you can download apps like Word or Firefox or Spotify). If you want to disable sideloading so the user can’t download apps outside the macOS App Store, you have to go into Settings > Privacy & Security > Security, then under “Allow apps downloaded from” change it from “App Store and identified developers” to “App Store”. The only major desktop OS that has sideloading turned off by default is, ironically enough, Chrome OS.