> What are the security implications this raises that downloading native programs (needed for example to flash my smartphone) doesn't raise?

1. Permission popups fatigue

2. Usually users select the apps they install, most sites are ephemeral. And yes, even with apps, especially on Android, people click through permission dialogs without looking because they are often too broad and confusing. With expected results such as exfiltrating user data.