They've been claiming since 2023 that sideloading has been a favored attack vector.
"The Global Scam Report also found that scams were most often initiated by sending scam links via various messaging platforms to get users to install malicious apps and very often paired with a phone call posing to be from a valid entity."