Even on websites like Electrum, be sure to verify the GPG signature before download. If you were downloading the Electrum wallet software, you can use the GPG signature to check that the software actually came from Thomas Voegtlin, the original developer, and the others who have contributed to the source code, and also that the website hasn't been hacked and uploaded with fake versions of the software which could be running malicious code that will try to steal your Bitcoin. Well, you can check the software and check the signature on it to make sure it's coming from the right people and it has not been tampered with. Do it for every download of any wallet software.
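The check described in the post above, as an added example (not part of the original post and not Electrum's own tooling): it runs `gpg --verify` with machine-readable status output and accepts a download only if a valid signature comes from a fingerprint you pinned yourself. The function names, the placeholder fingerprint and the sample status lines are assumptions constructed for illustration.

```python
import subprocess

# Placeholder: replace with primary-key fingerprints obtained out-of-band
# from the developers. No real fingerprint is given on this page.
PINNED = {"<DEVELOPER_PRIMARY_KEY_FINGERPRINT>"}

# Status keywords treated as fatal (a conservative policy chosen for this example).
FATAL = {"BADSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of `gpg --status-fd` output; key and user are made up.
SAMPLE_OK = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Dev <dev@example.invalid>\n"
    "[GNUPG:] VALIDSIG " + "A" * 40 + " 2024-01-01 1704067200 0 4 0 1 10 00 "
    + "A" * 40 + "\n"
)

def check_status(status_text, pinned):
    """Return (ok, reason) for GnuPG status output and a set of pinned fingerprints."""
    pinned = {fp.replace(" ", "").upper() for fp in pinned}
    signers = set()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in FATAL:
            return False, "gpg reported " + fields[1]
        if fields[1] == "VALIDSIG":
            # The last VALIDSIG field is the primary key fingerprint.
            signers.add(fields[-1].upper())
    if not signers:
        return False, "no valid signature found"
    trusted = signers & pinned
    if not trusted:
        # "Good signature" from a key that merely sits in the keyring is not enough.
        return False, "valid signature, but not from a pinned key"
    return True, "signed by " + ", ".join(sorted(trusted))

def verify_download(sig_path, file_path, pinned=PINNED):
    """Run gpg on a detached signature and apply check_status to its output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return check_status(proc.stdout, pinned)

if __name__ == "__main__":
    print(check_status(SAMPLE_OK, {"A" * 40}))
```

Signatures from keys you have not imported are ignored rather than trusted, so a file signed by several developers passes as long as at least one pinned key produced a valid signature and none of the fatal statuses appears.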
This will depend on the app that I am using. If I am using Electrum, I can verify through the PGP signature that the app comes from the right source, but what about the exchange and bank apps that do not have any PGP? Also, sometimes I do not need PGP but go to the application store to download apps like X, news apps and others that do not have anything to do with money.