Many users have no control over what apps get installed
Millions of Android phones distributed by Access Wireless and Assurance Wireless as part of the government assistance "LifeLine" program install apps from unofficial app stores and cloud servers without users knowledge or intervention.
Millions of minature 'Nix devices with WiFi cards, GPS, Bluetooth and NFC running as root accepting remote commands from an adversarial country.
What can possibly go wrong?