I find this discussion a bit strange. Anyone who downloads any apps from the Internet is affected. In some operating systems (everyone can imagine which one is meant) there is even a risk by design. Still, everyone wants to use it.
Some of us start with the danger in the first few minutes. SFOS cannot be installed because a driver does not work? No problem, a friend of mine knows at least 5 dubious sources to get the driver and some users follow the friend’s suggestion. Sometimes even the registry of the system has to be manipulated and there are no concerns about damaging the operating system. There are millions of websites that offer programs and their origin is doubtful. These programs are used. So, the greed eats the brain. That’s is life!
There is a long discussion about good or bad quality of the apps in OpenRepos or the Jolla Store. Both are everywhere. The advantage of OpenRepos is the availability of the source code. Anyone who is interested has the option of checking the code and also making changes to the program themselves. Apps from the store are mostly closed source. Why should I trust them when I have no control? Jolla is testing for me, but what? Nobody controls every single line of code. This is an automated process for which Jolla sets the rules. Can I trust Jolla? The question must also be asked if you are concerned about OpenRepos. However, open source has the idea “trust is good, control is better”. This is also the philosophy of Linux and SFOS is a Linux derivative. Without this trust, there would be no SFOS. Consequently, there is an external repository for software (called OpenRepos) to fulfill the desire for control.
Besides, without additional apps from OpenRepos, SFOS would never have been my everyday phone. Popular and high quality examples are e.g. Image processors, navigation, Aliendalvik Control, patches and some tools that allow me to control the processes. Without this support from the community, I would have deleted SFOS a long time ago.