The problem is that most normal people (HN is not normal - mostly for the better) don't even understand what sideloading is - let alone actually care.
How can we fix this?
(aside from making people care - apathy enables so many political problems in the current age, but it's such a huge problem that this definitely isn't going to be the impetus to fix it)
It's not just the OS makers. They're also responding to the demand of companies and governments to control their users through them. They will not say "no".
I don't believe that entirely. For example, how much safer is a banking app protected by play protect, running on an OEM ROM with tonnes of OEM/Google/Meta malware, compared to the same running on Graphene, Lineage or Calyx? I think it's the other way around. Google or their associates convince either the banking firms, or more likely the security audit companies that the play protect (safetynet or whichever latest flavor) is an absolute necessity for security on android. In the latter case, those security firms will give the developers a checklist to follow, which will include an item on enabling that API. It's unlikely that so many banks will choose them on their own accord like that, even if a bunch of them insist on Google providing it. I have even seen banks disabling the API in their apps through updates. And they also don't have any problems with their web applications that don't have anything similar to remote attestation. Besides if you look closely, it's in Google's interest, not the bank's interest to enable these APIs. Such apps will only run on the OEM ROMs, making the open source and custom ROMs somewhat untenable.