This is only somewhat true for the software most popular with technical users - the sort of thing the average Hacker News reader might be familiar with.
There is a long tail of malware in app stores, despite the efforts of app vendors to police such things. Nobody would be bothering to fork them because most technical users don't care about them, but they still attract lots of victims.
Example: malicious Chrome extensions. Authors of Chrome extensions receive enticing offers to sell and sometimes they do.
Yes, malware does exist in app stores. I don't really see how that's related to Free Software though?
When I say user-hostile features I'm not talking about malware. Yes, I suppose theoretically you could fork a Free Software malware app and make it not-malware, but that's not what I'm talking about here. I'm talking about things like Samsung putting ads on your TV home screen[1], or BMW charging a monthly subscription to access your car's seat heaters[2], or Sweden trying to install a backdoor in Signal. With Free Software, users get the final say on whether those features are installed on their devices or not.
If malware isn’t user-hostile, I don’t know what is? It works both ways. A fork can fix something that’s user-hostile, but it can also introduce malware into an otherwise useful app that didn’t already have it, and many users won’t know which one to install. There’s no guarantee that any security researcher is watching. In practice we rely largely on reputation, and sometimes that’s the blind leading the blind.
Users don’t get final say in what their devices do unless a software developer is willing and able to help them. Most are actually pretty helpless on their own.
Yes, forks can do anything. That's the point: to make it possible to create software that behaves the way the user wants and not just the way it was originally programed.
There are lots of ways to figure out what version to install; which is a lot better than having literally no choice because there's only one option available: the one with homescreen ads/government backdoors/seat heater subscriptions.
Will some users make the wrong choice? Yes. Is that a valid justification for treating everyone like children unable to make decisions for themsleves? Absolutely not. Just as there are other ways to prevent real-world crime than by locking everyone in concentration camps, there are other ways to prevent cybercrime than by locking everyone in an inescapable walled garden.
There is a long tail of malware in app stores, despite the efforts of app vendors to police such things. Nobody would be bothering to fork them because most technical users don't care about them, but they still attract lots of victims.
Example: malicious Chrome extensions. Authors of Chrome extensions receive enticing offers to sell and sometimes they do.