Maybe apps should be signed and issued certs by neutral authorities like SSL certs are issued (like Let's Encrypt).. Maybe also issue bulk cert updates with OS updates or virus scan updates like browser updates bring SSL root cert updates..