> But how much malware has been distributed via F-Droid versus "Google Play Store"
There's been only a single case of malware that we know of that has slipped into distribution on F-Droid (through a supply-chain attack on a transitive dependency), and it was caught within a day. So if we were feeling glib, we might have made the claim that "there is over 224 times as much malware on the Play Store than on F-Droid".
To me, the question is not even relevant. Whatever the quality of f-droid,each use should be free to decide if they want to use it or not without Google having a life or death choice on the app that you want to use.
Yes, software on F-droid is free and reviewed for anti-features before publishing. Google Play has the worst, ad ridden, dark pattern filled, data guzzling, subscription packed, commercial slop with no real oversight on what gets published. Malware frequently gets on the Play Store, never heard of it being a problem on F-Droid.
The freedom of installing whatever you want indeed brings more opportunity to come across malware, but as long as you lose the freedom, it's up to Google to decide which apps are "safe", which are not. Google will be the only, sole source of apps, they control everything.
It's not about immediate safety, it's about safety in the long run.
I don't even understand how this is an interesting or relevant point. "Can I install what I want on my service how and when I want" is the end of the conversation.
The plea Google makes against so-called "sideloading" always refers to "malware"
But how much malware has been distributed via F-Droid versus "Google Play Store"
It could be that smaller, independent "app store" might be better managed than Google's