A firewall is not a magic bullet. Even if it is properly configured, it is not the end-all of security. It will do very little against random third-party apps that are installed as root that want to do bad things.
Your best bet against something like that is SELinux, but that is *a lot* of work to do right, and it frequently gets in the way of random third-party apps that you might want to run. It also would be a bit heavy on a limited-resource mobile platform. Likely the most bang for the buck will come from organizing a central repository of software that is simple to submit code to, where the source code is actually audited...