Before smartphones, I was a "tech savvy" computer user. I would install lots of software on my computer from the internet. But I wouldn't necessarily recommend the same for people that looked to me for computer advice. Many people would go to a store and buy a box with a disc in it, which was something you could trust because incentives aligned. Stores would prefer to only carry trustworthy software (in a box) to maintain their reputation as a good store, competitive with other stores. But similarly, I would look to web sites I trusted for my software. The most sophisticated users would look to peer-reviewed, open source software, but this involves knowing either how to review it yourself, or knowing who else to trust as having reviewed it.
Smartphones could've evolved to work like the above, perhaps relying on a USB port for software installs, with options to install directly from developers on the internet, but Apple had already learned from iTunes how to use control to both ensure a pretty good experience for users while also getting a lot of money for it. Google may never have gained enough traction with Android if they didn't build the Play Store and introduce convenience and a sense of trust in that store.
So it's really hard to picture a way that this could've evolved without those stores, such that critical mass was reached on these platforms. It's also hard to envision a strong, competitive alternative. The "masses" choose convenience the vast majority of the time, and they also largely want to trust one source for their software needs. They do not want to figure out whether to trust lots of software providers.
There will always be bad actors who take advantage of concepts like "the open web", so how do you keep things open, but safe and trusted? Can you create a federated system that has "experts you trust" and "peers you trust" and then can go to their recommendations to see which software providers to trust? And wrap that into a pretty tidy interface that everyone can easily adopt? And have the trust system and the device platforms work nicely together to prevent "middle man" attacks?
Sony rootkit springs to mind. The only reason it had the attention it did was that it was so comparatively early in the days of the internet that consensus on how bad it was was formed by computer-literate people. It was also less of an endemic problem. It has nothing to do with aligned incentives.
For a counterexample, Apple has a walled garden that has the properties you want - curated by experts, no sideloading etc. Out-and-out viruses aren’t common, but you still have various kinds of malware that’s hard to remove (and obnoxious in-app ads and dickish dark patterns).
I think web-quality sandboxing for installed apps would mitigate security issues sufficiently to make less restrictive discovery and reputation mechanisms viable again.