I am not an expert, but I think this could be improved if the smartphone operating systems had better security models.
For example, an application needs "access to your disk storage", because it needs e.g. to save photos. Okay, let's give it access to its own directory. Or maybe to a subdirectory of "my pictures". But it doesn't need access to the entire disk, right? Yet in Android, it is all or nothing.
Perhaps with a better system, we wouldn't have to ban installing game mods, only to make sure that those game mods do not have unreasonable access rights. Or maybe the banking operation could state "I can only be installed when no other app has access to my private data" or something like that.
Most people do not understand any of the authorizations they give to apps and don't want to have to understand them. They will be interested in it only after they get burned.
They just want a thing that "works and does x, y and z" without having to worry about it.
I think the problem is that big corp got them used to easy security because nobody cared before, but now that security is getting harder, big corp has no choice but to give a sense of security they promised but cannot give anymore.