Users don't check the signature of apps that they download, their phone does it for them.
So even if apps are signed by the developer, the app store owner can throw away the signature, modify the app and then sign it with their own key. People downloading and running the app won't see a difference.
If a developer downloads the app, they can verify it.
But more to the point, I published an app on the Play Store that actually verified its own signatures (as an anti-piracy measure) and it worked correctly. Not only that, but it used the signature as a key to decrypt some of the assets, so a changed signature would mean the app would completely fail to work.
So it's a solvable problem on Android. But not at all on other ecosystems.
So even if apps are signed by the developer, the app store owner can throw away the signature, modify the app and then sign it with their own key. People downloading and running the app won't see a difference.