And still...
My bank insists that banking through their mobile App is perfectly safe...
Password managers on mobile devices can be tricked by imposter apps into handing over a user's passwords. This according to a paper [PDF] from researchers with the University of Genoa and EURECOM, who found that the Android Instant Apps feature is designed and can ask for, and receive, stored credentials from password managers …
It is perfectly safe for them. After all, if anything happens it'll be YOU who allowed something to run on the device which pilfered your passwords, and thence your money.
Trojans first delivered by reel tape to mainframe owners as demo programs or utilities (apps).
I'm thinking it's a problem that's not going to go away. Even if dialogs pop up, people just click on OK. Almost all PC infections are aided by the user "installing".
There isn't the economic necessity for Google to even try very hard to vet apps for the store. Besides, it's probably not possible to stop cleverly written Trojans.
I'm a bit confused as to your conclusion. Are you saying that Google shouldn't even try? No security system is perfect. Take the average front door. It might have a bolt, a lock and a Yale or Chubb lock on it. It's going to stop most people getting in, but there is always the odd person who is willing to try something a little different, like a crowbar or a well-placed boot. Does that mean you don't bother installing locks on your door? Even those locks used in high-security places such as bank vaults have vulnerabilities.
My Software Engineering Management lecturer (who, even when I did my degree 20 years ago, tried to teach us to design security into our systems) always said there is an old maxim in security. It is "Security, Features, Usability: Pick two". He also used to tell us that all security is a sort of best effort thing (my words, not his). Perfect security is currently impossible, and he used to like to joke that the person who invented the perfect security system would become very wealthy very quickly.
I think Google need to monitor the app store, but while any verification process they implement will catch a lot of nasties, it's going to miss some (even Apple's system misses some), and people should not consider it a good replacement for the question "Do I *really* need to install this program?", or "Does this program really need the rights it's asking for?"
"Are you saying that Google shouldn't even try?"
My understanding of the article is the opposite conclusion. Google has effectively left the door wide open and absolutely should try harder by making it easier to identify apps correctly. They are the gatekeepers to the Android ecosystem and have to be more responsible about it.