If the initializing bunker is malicious then the nip41 rotation can't be trusted either?

Also where is the popup? Does every app that enrolls new users also need a keyring interface?