Yet Google has no problem with displaying these vulnerable people scammy ads (which is also the most common way they actually discover these malicious APKs), since it brings them revenue..
What if we'd instead require users to verify themselves before being allowed to see ads? I'm sure that would be more effective for preventing scams, fraud and abuse.