I don't believe you understood my comment. Third party app stores with more lax, less resourced app review procedures would result in arbitrary attacker code being run on end-user devices, that, given enough time, would escape the sandbox. It's a layered defense: signing/developer identity account, app store review, sandboxing, specific user-approved permissions.

No one part of it is bulletproof, as we saw with CVE-2020-3883.