F-Droid at least does a quick review to make sure there's nothing malicious in the app before adding it. Since we know Google does something similar and there is still malware on the Play Store, one might reasonably conclude that Google doesn't actually care about malware.
Now, it might be a problem of vetting at scale or malware being really subtle, but if that's the case Google should focus on improving their process before locking down Android for "security".
My point is that Google does not want to protect users by restricting "side loading". If they actually wanted that, they would remove all the malware in their store. They are just building higher walls in the walled garden to lock you in.
Right, but the Debian Developers don't prevent you from installing (installing, not "sideloading") other programs. If you want to install malware you're free to, but they don't distribute it.
You can still install any ROM you want. Not having Play Store has some downsides, but those trade-offs should be familiar to a free software enthusiast.
You can only do this on a tiny number of devices supporting free drivers (and mainline kernel), otherwise you are tied to an ancient Linux kernel. I'm using Librem 5 btw and don't believe that Android, whose development completely depends on Google, is a viable long-term solution.