Speaking for myself, I only install applications I have a reason to trust, and I generally only install applications from trusted sources.
If I have an application that I want to run that I don’t know the source of, I sandbox it in a virtual machine, and I look at it with tools designed to help me understand what it does (network traffic analysis tools, if I suspect it might be ‘phoning home’).
But I would never install an application from North Korea that “shows cute animal pictures”. That would fall in the category of “applications from untrusted sources”.
You’re correct - the firewalls in Linux tend to be ingress-only firewalls (i.e., inbound), and not egress firewalls (i.e., outbound).