There are many real-world sideloading abuse cases in China. Attackers often trick victims with plausible stories—e.g., claiming a flight is delayed—and ask them to sideload an app (a remote‑meeting or remote‑control tool) to share their screen. Once installed, the attacker can view the victim’s screen and intercept SMS 2FA codes for online banking or other sensitive accounts.
Other schemes include impersonating sex workers to lure victims into nude video chats, then persuading them to install an app that harvests private content and contacts for blackmail.
https://news.ycombinator.com/item?id=48800972