Basically things like this on iOS, but without having to install an enterprise certificate and Apple needing to negotiate in courts on how much they can warn users about side-loading risks:
The Mac is absolutely vulnerable to such things.
Note that typical device compromises against iOS/macOS have to leverage things like the Safari browser and iMessage content rendering to get a footprint. Sideloading opens the door to a much wider set of non-audited apps.
Once you have a footprint, one can seek to exploit the full API surface of the OS for privilege escalation. So while security vulnerabilities are generally on a severity scale, some lower severity items gain a much broader exposure for exploit.
They aren't likely to because those apps aren't written, or if they are written they aren't in the Mac App Store. On one hand you have a culture of safety through the App Store primarily for consumption apps, on the other you have mostly web-based apps with an occasional direct download of an app.
The App Store generates money because it created the expectation that apps were safe. That expectation is accomplished through a concert of both technological measures and auditing/review - neither one is sufficient.
You do realize that if not having third party app stores is anticompetitive, warning users of security risks when they install or use a third party App Store or third party apps is also going to get looked upon poorly by the courts as well - right?
Contracts are mutual agreements. It is hard for Epic to make a case that they were bullied into terms they couldn't agree to when they 1) had been operating under that contract for a decade 2) have treated this as a moral crusade rather than as a business/revenue conflict 3) elected themselves not to re-list Fortnite in the App Store.
Well sure, 30% sucks a lot more than 15% or 0%. That isn't a legal argument, however.
Apple also hardly is going to make the case that security is currently water-tight. They'll just:
- List the investments they make in security in the face of some recent example threats
- Point at the disaster which is Android