They have system access and can push anything on your device. In the past you could have an actual developer signature on the Play Store, but Google got rid of it; on iOS there has never been any support at all for this kind of security.
F-Droid supports that, but you need a modified ROM so that the Play Store cannot interfere with it in any way. To my knowledge, only GrapheneOS does that.
Your explanation confuses the store with the device. Yes, at the time of download from the store you trust two parties, but that's still only "a single point in time".
No, it's anytime you use your device. The stores can push silent updates and change your apps or access anything at any point.
The only exception I'm aware of is GrapheneOS, where that's not possible. Otherwise, if you are using iOS or any Android ROM other than GrapheneOS, you are vulnerable to that.