To put the strongest face on it, by "cracked" youtube, you mean a version that shows the cracker's ads and maybe somehow generates extra clicks (or whatever) so they can get money out of it?
Cracked spotify? In my mind that's just like YouTube, almost entirely server-side. I guess you're talking about hijacking ads here, too? I feel like a "real" crack of Spotify would let you listen to music for free, but that should be impossible (unless their SWE's are incompetent).
You are approaching as is the malicious developer was trying to add useful features for the users.
But in practice, these “apps that lookalike popular apps” are not intended to just be adware-less versions of the popular apps. They are frequently “hide the ads, inject the malware with more permissions” Trojan horses.
I think there is likely a dual motive from Google where they both want to stop malware _and_ stop people blocking youtube ads. The malware problem is real though.
Those "cracked" versions often require extra permissions.
My favorite was a local "discover which on your contacts is on the leaked Covid quarantine list[1]" scam app. It claimed that the extra permission dialogs are just fearmongering by Google, who is in cahoots with big pharma, and wants covid to spread to sell more medications.
[1] In fact, no such leak has ever taken place, its existence was just part of the setup for the scam.
This doesn't make much sense to me.
To put the strongest face on it, by "cracked" youtube, you mean a version that shows the cracker's ads and maybe somehow generates extra clicks (or whatever) so they can get money out of it?
Cracked spotify? In my mind that's just like YouTube, almost entirely server-side. I guess you're talking about hijacking ads here, too? I feel like a "real" crack of Spotify would let you listen to music for free, but that should be impossible (unless their SWE's are incompetent).