Yeah no, applications need to be secure by default. Blaming the user does nothing to actually improve the security posture anywhere. The security posture of the app needs to be specifically designed with the least-skilled users in mind because they are also the most vulnerable to this type of problem. Google meanwhile is full of talented engineers who are experts at identifying and combatting this type of malware scam.
To look at it another way, what google is actually doing here is intentionally exposing their users to malware in order to take a cut in the form of advertising revenue.