If you install something directly from the Apple app store or Google play store then you are right - you have absolutely no way of verifying what you are installing. This is the wrong way to install things, though.
And that's a knowledge to consider not just from crypto but to all who used to download and install from this mobile distribution services such app store and play store.
The better option is to download the app directly from the developer, verify its signatures or hashes, and then transfer the .apk file to your phone to be installed.
The best option is to download the source code, build the binaries yourself, and then use them to install the wallet on your phone.
Common smartphone users don't actually do this, idk if they know such thing exist, even most of the users here probably and that's quite alarming.