That depends on the wallet you use (such as Electrum):
1. There's no automatic update if you use Electrum
2. You can use PGP verification (rather than a hash) to verify the integrity of the files. If someone who doesn't have the PGP private key attempts to upload a malicious version of Electrum, PGP verification will fail and people will realize something is wrong.
It's only false security if you automatically believe open source = good/secure software. If you don't perform automatic updates, always perform GPG verification, and wait for someone to give feedback on a newer version of the application, I'd say it's more secure than blindly trusting a closed-source wallet.
If a user doesn't do all of those when using open-source software, it's their fault.
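The signature check described in the post above, as an added example (not part of the thread and not Electrum's own tooling): it accepts a download only when gpg reports a valid signature made by one pinned key, rather than by any key that happens to be in the keyring. `PINNED_FPR` is a placeholder and the function names are hypothetical.

```shell
#!/bin/sh
# Full primary-key fingerprint of the expected signer, obtained out of band.
# PLACEHOLDER value, not a real key.
PINNED_FPR="0000000000000000000000000000000000000000"

# check_status FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line
# names FPR as the primary key and gpg reported no failed, expired or
# revoked signature. Strict by design: one bad signature rejects the file.
check_status() {
  awk -v want="$1" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
    $2 == "VALIDSIG" {
      # Field 12 is the primary-key fingerprint; field 3 is the (sub)key
      # that made the signature. Fall back to field 3 if 12 is absent.
      fpr = (NF >= 12) ? $12 : $3
      if (toupper(fpr) == toupper(want)) ok = 1
    }
    END { exit ((ok && !bad) ? 0 : 1) }
  '
}

# verify_release FILE FILE.asc
# Verifies a detached signature and applies the pinned-key policy above.
verify_release() {
  gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null \
    | check_status "$PINNED_FPR"
}
```

Matching on the machine-readable status lines instead of the human-readable "Good signature" text is what catches a file signed by some other key that was imported earlier.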
With the desktop version, yes. With the Android version, unless you have automatic updates turned off, it will auto-update when they push something out.
With that being said, it's been months and months since they did any updates to the Android version.
But this does loop back to the original point: if you have BTC and only BTC, or at most 1 or 2 alts, then checking your wallets, although time-consuming, is doable.
Looking at my Coinomi wallet, I have
BTC, LTC, ETH, DOGE, XMR, DASH and DFC
That would just get to be a full time job to keep up with them all.
So, since there are not life-altering amounts of money there (heck, it's barely a weekend-plans amount of money), I'll trust the precompiled closed source.
For the real money it's secured another way. YMMV in terms of amounts.
-Dave