Like, oh say, the package repositories on any running Linux system? Yum/Zypper, Apt .. they all allow you to add a 3rd party key and repo address. Gentoo allows overlays. There are teams like Jenkins that maintain their own repos. I maintain one myself (https://repo.bigsense.io).
Apple's AppStore and Google Play are bastardizations of the concept of a package repo. Instead of applications and their dependencies, Google/Apple distribute monolithic executable (duplicating shared libraries for every app) and disallow anyone else to have a trusted cert/3rd party repo.
The technical problem is that to protect system and user security and privacy, third party signed apps would be very limited. This is under the assumption that most users have a limited capacity for understanding the security and privacy ramifications of unfettered access by apps. (Basically - if you can understand this, you already know how to side-load apps onto Android/iOS devices)
For instance, you might have a choice to read-only access to the filesystem and user hardware, or be allowed network access.
Without a static policy, the only choice that someone like Apple or Google would have to rampant abuse would be to blacklist the 3rd party key. This might mean blacklisting an entire repo if the repo owner is not properly vetting apps - which would likely be perceived as way more an abuse of power than the current gate-keeper model.
The non-technical reason is that there is zero financial incentive for a company to risk breaking their security model and affect their reputation, just so that other companies have the ability to not do revenue sharing.
Apple's AppStore and Google Play are bastardizations of the concept of a package repo. Instead of applications and their dependencies, Google/Apple distribute monolithic executable (duplicating shared libraries for every app) and disallow anyone else to have a trusted cert/3rd party repo.
There's F-droid of course on Android.