Yeah, it's definitely a piece to the puzzle. I still think it's not so hard to prove that increasingly technical literacy, outlawing deceptive UX and language that prey on information asymmetry, and providing increased autonomy with more fine-grained and visible security controls is a net win for the population, whether or not this particular method of Google's is effective enough against spam compared to some baseline.

Agreed. Android already has seriously big whitelisting requirement for installing applications from outside the Google Play store.

The correct way to do it would be to whitelist other good stores, and allow developer mode installs with an extra process that says explicitly I am extra sure this may be danger, but no. This would reduce Google's income streams.

The way I see it, it must be attacked the way default Internet Explorer was attacked.