Comment by LinXitoW

But that's already true for most cases and devices. Most people using most devices let auto updates just happen.

And the other option isn't that much better, because "don't do autoupdates because maybe the update server is compromised" leads to a bunch of unsecured devices everywhere.

The only "real" solution is also completely unrealistic: Every private person disables auto updates, then reads the change log, downloads updates manually, and checks them against some checksum.

The better solution would be to simply increase fines until morale improves.