It's a well known security problem. An attacker in this kind of environment is spending very little money per app, and gets a payoff for breaking through: The application process is their business. Someone actually building an app is focusing on the quality of their app themselves, and not getting through an approval gauntlet. The ratio of applications that are crap or scams vs apps that are trying their best and have reasonably good quality is abysmal.

If you catch 99.999% of scam apps, and incorrectly slow down 1% of honest developers, you end up with an app store that is full of scams, and the developers are unhappy.