Is it possible to allow sideloading and keep users safe?

Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?

Its not the sandboxing, its the access to user data that apps can request. a mobile OS allows apps to request and be granted all kinds of permissions, and 80% of the world population doesn't really understand what all things are possible for each of the permissions they give to an app. For example being able to export the whole contact list, or read all files in folders (where users may have saved notes with passwords) or real time tracking of gps location with wifi mac address sniffing, listen in on conversations, be able to screenshot other apps, trigger touch events... none of this a sandbox can prevent.

When there are problems reported about an app, there has to be a known party to hold accountable. I agree that a developer path that is complex enough that only people who know all the impacts are able to use to side load random apps they own or from someone they can trust, but the general population has to be protected unless at the individual level they are savvy.

> there has to be a known party to hold accountable

So no free applications. Prepare to pay a subscription for every flashlight app.