[eviks]

Your explanation confuses the store with the device .Yes, at the time of download from the store you trust two parties, but that's still only "a single point in time"

[realusername]

No it's anytime you use your device. The stores can push silent updates and change your apps or access anything at any point.

The only exception I'm aware of is GrapheneOS where that's not possible. Otherwise if you are using iOS or any other Android rom than GrapheneOS, you are vulnerable to that.

[eviks]

Do you have a source for the silent remote app install for iOS by Apple, only heard of a remote disabling (but not removal) of an app there?

Though even in that case the dev can't do that, so your trust is :

web: dev every time you load an app

native: dev once you install an app, OS vendor any time