The question posed by the OP is systematic: people are willing to 'not pay' for things because the 'short term benefit' is 'less cost' while the longer term risk, i.e. 'hackerware', is more vague.
A lot of things in life are like this.
Back in the day, the fire departments were private; they didn't come unless you were paying them insurance.
Given the common nature of 'fire' - and especially that it 'spreads to other homes' ... it makes too much sense for everyone to have it, and so we socialised it. We all pay for fire insurance via our homes.
The argument is that if people paid for apps, devs wouldn't have to resort to as much trickery, and there would be less use of malware. Though it's not so clear.
Given the excessive cost of iPhones and the significant rake on apps (~30%), Apple should cover this problem. They mostly do, but obviously not entirely.
I wonder if there should be a 3rd party lib repo where the code has to be open sourced, and 'someone' has to pay for a review of some kind. And you have to stick to such repos if you want a certain kind of certification.
It's an interesting problem in 2020, and looking back, it's almost amazing that in 1999 the web was so amazingly relatively safe, and that there wasn't so much existential angst over security. How naive we were!
Absolutely! Every minute spent on fine-tuning an ad SDK is a minute not spent on making the app better for paying customers. Most of these SDKs are not just drag and drop, either; developers have to spend a lot of time configuring the attribution schemes and updating them periodically.
There's a huge international market of potential app users that tolerate ads but would never pay to purchase an app. Even in affluent areas, many people balk at a $0.99 app but are totally fine with ads. This, of course, is the entire business model of Facebook, Instagram, etc.
The billion dollar question is: how do you monetize non-paying users, at scale, without ads?
I do think there's a problem where companies add ad network SDKs (or, on the web, ad tags) without considering the privacy or security risks, and instead think only "more ad networks will make us more money".
On the other hand, the two main options to this are (a) people only install SDKs/tags from ad networks with strong reputations or (b) a system like AMP, where ad networks can choose between running in a sandbox (xdomain iframe) and submitting their code as an open source extension for review. Option (a) has the major downside of helping existing players and players with non-ads businesses that strengthen their reputation (like my employer). Option (b) is better, but still hard to do well.
(Disclosure: I work for Google, on ads. Speaking only for myself.)
I think a big problem here is the lack of liability.
If you are making a hardware device, decide to include a dodgy module from AliExpress, and then the device starts catching fire and burning your customers' homes, you will at least be subject to a lawsuit, so you won't even consider doing this.
This should be the same when it comes to third-party binaries and SDKs. Even if you respect the law (when it comes to privacy, GDPR, consumer rights, etc.), you also need to do your due diligence and make sure any third-party code you embed also respects it; otherwise you should be subject to lawsuits.
The result would be that a lot of dodgy ad networks would go away (because no respectable app developer would do business with them), ad networks themselves would be more selective in what kind of ads they run (ad prices will go up to compensate for the cost of vetting them), and overall I think it'll be a win for everyone; customers are not only safer but also see higher quality ads because the "bottom of the barrel" stuff has been pushed out of the market.
Obviously nobody wants hackerware.