For mobile apps, I don't install anything that isn't from the official AppStore/Play Store.
I see where you're coming from, but if you're downloading an APK, Android at least tells you the permissions upfront up to Lollipop and it's better with Marshmallow. So you can, in fact, download from an untrusted site, try to install, see what permissions the app wants, and cancel if you are suspicious.
With Windows, an app can do almost anything and generally you have no way of knowing.
"We have already been through this, I am not going to repeat myself." - fat_boy, in a global warming thread
I find the permissions system in Android rather unspecific. For example the permissions to read the SD card and to access the internet allows an app to upload the photo's of all my Whatsapp contacts to their own server. So even with the permissions system, you still need to trust the developer.
If a developer chooses to publish their app via an alternative source than the official store, I find that suspicious in and of itself (in general, I don't mean this as an absolute statement).