App installs and updates are still subject to code signing, and unless you jailbroke the device by some other means, any code that would be able to mess with the OS' public keys used to to authenticate the signatures would have to be signed itself and presumably would have to come in the form of a signed OS update.