Kaspersky detected more than 1.1 million malicious APKs for android in 2024 [^1]
As per Apple, they rejected 2 million app submissions in 2024 [^2]
So from a birds eye perspective there doesn't appear to be much difference, with iOS even taking the lead, but the key difference is that Kaspersky is not Google, and can only detect malicious software after it has been published. Apple has rejected app submissions over privacy issues, meaning those 2 million apps never made it to the public.
According to Zimperium Global Mobile Threat report [^3], 25% of Android devices have sideloaded apps, and 20% are malware infected (correlatoin is not causation, yet).
Zimperium telemetry also reveals that 38% of detected malware attacks could be tracked to sideloaded apps [^4].
So no, it is certainly not some fabricated threat, but a very realistic and probably threat scenario.
I'm also not trying to take away anybodys freedom, you're free to install whatever you want, but you don't need root access to do it. Very few use cases on a phone requires the user to have root access.
As per Apple, they rejected 2 million app submissions in 2024 [^2]
So from a birds eye perspective there doesn't appear to be much difference, with iOS even taking the lead, but the key difference is that Kaspersky is not Google, and can only detect malicious software after it has been published. Apple has rejected app submissions over privacy issues, meaning those 2 million apps never made it to the public.
According to Zimperium Global Mobile Threat report [^3], 25% of Android devices have sideloaded apps, and 20% are malware infected (correlatoin is not causation, yet). Zimperium telemetry also reveals that 38% of detected malware attacks could be tracked to sideloaded apps [^4].
So no, it is certainly not some fabricated threat, but a very realistic and probably threat scenario. I'm also not trying to take away anybodys freedom, you're free to install whatever you want, but you don't need root access to do it. Very few use cases on a phone requires the user to have root access.
[^1] : https://securelist.com/mobile-threat-report-2024/115494/
[^2] : https://www.apple.com/newsroom/2025/05/the-app-store-prevent...
[^3] : https://lp.zimperium.com/hubfs/Reports/2025%20Global%20Mobil...
[^4] : https://zimperium.com/blog/the-hidden-risks-of-sideloading-a...