The answer is it varies.
Flatpak (Only officially verified if possible) or
rpm-ostree or
Toolbx/Distrobox
For example, you may have a chromium browser officially verified available as a flatpak. Should you install that way? Probably not.
Depending on the application that you are installing it may be better installed on a certain way. Browsers are on this “funny” category that installing from a distro repo or even from the tar.xz with some Linux kernel security module that provides mandatory access control seems a bit more secure. Assuming that it is maintained properly by the project owner with a very good frequency.