Who knows what the original play store apps did to begin with. Most of the top apps are basically malware. Maybe someone added a bitcoin miner to the existing spyware that came from the original app but it just comes back to the same thing that you can't trust proprietary software to be safe.
But at least if the original play store apps have spyware issues, you can generally find a developer/company behind them to blame. If Google updates the Gmail app to include a bitcoin miner, people are going to find out and be pissed at Google.
If someone takes the Gmail app, injects a bitcoin miner and uploads it to a third-party store, who gets the blame?
Will Google pay me damages if they let someone distribute malware on the Play Store, as has happened before? As far as I know, they won't, so how is Aptoide any worse?
My point is that saying it's all the consumers responsibility is a highly one-sided argument in favour of the vendor/service provider.
The amount of work a person would have to do to research every facet of every product they buy is insurmountable. There is no possible way for them to know everything about a product they are thinking of buying or using.
Expecting the average user to know which apps on any given app store are ridden with malware is a mighty tall order.
The customer will always have some level of ignorance about the product, so some measure of consumer protection is required.
