There is one thing everyone is missing, Apple does have a process of verifying the identity of the author even if there was a malware that was slipped in it is easy to identify the author and report to authorities that in itself is a good deterrent against trying. remember malware writers want low hanging fruit first and and Android extremely ripe for it.