> a lot of people lose their private signing key. And if that happens, no more updates to your app

That is a feature. If someone cannot do basic diligence of protecting the signing key, should I really trust them for executing code on my machine?