Every update needs to be treated as completely new code; there’s no question about that.
With that out of the way, I still think the whole authorization thing (together with a lot of other things on the network; we’ll need it!) will have to be supported by a generic “web of trust” kind of system, where people can pick trusted parties to whom they can delegate these checks:
If both TesterJoe and JimmyTheNerdest say this app (with hash fff420) really is SafeWallet 2.17.1, and they think it’s okay to give it access to my wallet, then I trust it is so.
This is both less bothersome and more secure than if I was always asked, and then had to do my own little investigation (which, let’s face it, most of us would not do after the first few times).
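The delegation rule described above, as an added example that is not part of the original post: access is granted only when every party the user chose vouches for the exact hash, identity and permission, so an updated build starts with no approvals. The `Attestation` record, the `authorize` function and the sample builds are assumptions made for illustration, and attestations are assumed to have been signature-checked before they reach this code.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Attestation:
    # Hypothetical record; assumed already authenticated (signature checked elsewhere).
    attester: str           # who vouches
    app_hash: str           # SHA-256 hex of the exact bytes that were reviewed
    name: str               # app identity the attester confirms
    version: str
    permissions: frozenset  # permissions the attester considers acceptable

def app_hash(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()

def authorize(code, name, version, permission, trusted, attestations):
    """Return (granted, missing): granted only if every trusted party vouches
    for this exact hash, this claimed identity, and this permission."""
    digest = app_hash(code)
    vouching = {
        a.attester for a in attestations
        if a.app_hash == digest
        and (a.name, a.version) == (name, version)
        and permission in a.permissions
    }
    missing = sorted(set(trusted) - vouching)
    # An empty trust set never grants anything.
    return (bool(trusted) and not missing), missing

# Constructed sample data: two builds and the reviews that exist for them.
V1 = b"constructed SafeWallet 2.17.1 build"
V2 = b"constructed SafeWallet 2.17.2 build"
TRUSTED = {"TesterJoe", "JimmyTheNerdest"}
WALLET = frozenset({"wallet"})
ATTESTATIONS = [
    Attestation("TesterJoe", app_hash(V1), "SafeWallet", "2.17.1", WALLET),
    Attestation("JimmyTheNerdest", app_hash(V1), "SafeWallet", "2.17.1", WALLET),
    # Only one reviewer has looked at the update so far.
    Attestation("TesterJoe", app_hash(V2), "SafeWallet", "2.17.2", WALLET),
]

if __name__ == "__main__":
    print(authorize(V1, "SafeWallet", "2.17.1", "wallet", TRUSTED, ATTESTATIONS))
    print(authorize(V2, "SafeWallet", "2.17.2", "wallet", TRUSTED, ATTESTATIONS))
    # The update claiming the old, approved version still fails: the hash differs.
    print(authorize(V2, "SafeWallet", "2.17.1", "wallet", TRUSTED, ATTESTATIONS))
```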