I like the idea of keeping app signing requirements, but giving each user a device-specific signing key if they request one. I don't think a novice user is going to accidentally get the signing key for their device and then sign a malicious app with it.