And yet the choose one scenario is the one that has worked best for me. My dad would fill up his Android phone with malware regardless of scare screens. The solution was simple, and allowed at least him and I to spend more time doing other things.
It is hard to believe anyone would manage to fill Android phone with malware without going out of their way to do so.
Google Play is the default app store. You have to enable installing from other sources.
Google Play then still gets to inspect the app and warn you about possible malware.
Of course you can disable all the safety feature and only use 3rd party stores...but you have to go out of your way to do that. If person has done that without knowing what they are doing then they will probably fall for the first, second and 10,000th phishing email or phone call and there is nothing anyone can do to protect them.
You can fill your phone with malware without ever leaving the Play Store. Similar is true of the App Store, with the caveat that at least hostile iOS apps can't replace your homescreen.
In the scenario I described, equivalent action would be to set up a device policy for him that disables installing untrusted apps. You wouldn't even need to have bought him a new phone!
And yet the choose one scenario is the one that has worked best for me. My dad would fill up his Android phone with malware regardless of scare screens. The solution was simple, and allowed at least him and I to spend more time doing other things.