A firewall is not a magic bullet. Even if it is properly configured, it is not the end all of security. It will do very little against random third-party apps that are installed as root that want to do bad things. Your best bet against something like that is SELinux but that is *a lot* of work to do right and it frequently gets in the way of random third-party apps that you might want to run. It also would be a bit heavy on a limited-resource mobile platform.

Likely the most bang for the buck will come from organizing a central repository of software that is simple to submit code to, where the source code is actually audited and the apps are built with a trusted compiler so that your source -> binary -> distribution chain is trusted. For those who want to stay in the protective bubble, they can just have that repo enabled. I think Nokia has come part of the way but is not completely there yet. I am not sure if this goal is even on their radar. All other Linux distros do this is some way so that trojan programs don't slip in and their users have a safe harbour.

For those who are more daring, third party repos abound. There is very little that can be done to secure those who don't care to be. The biggest weakness in computer security is generally between the keyboard (or the touch-screen in this case) and the chair.