That really isn't sufficient here, as you are lying to the people who are putting their trust in you: a reviewer who is claiming to protect users from scams who won't even put in the token effort to learn what LastPass is before accepting it is simply not doing the role they claimed to be doing.

The reasonable response here from people at Apple should be more like "this individual reviewer was negligent in their duties and has been reprimanded appropriately; additionally, we are attempting to prevent this kind of mistake from happening in the future with better training and more redundancy in the review process", not "what do you expect? how could the reviewer possibly know what LastPass is?".

Like, do I believe an open ecosystem is better? Of course! But that isn't my argument here, today, on this thread. I am saying that, assuming the benefits claimed of the closed ecosystem are legit, Apple is not just doing a half-assed job: you are actively defending that half-assed job by saying it somehow isn't possible to do better, even when that obviously isn't the case... do remember that this was actually my job for a while!

If you had submitted this kind of scam to Cydia, I guarantee I would have put enough effort in to at least learn what LastPass was and verify your involvement in the company before rubber-stamping a product that used its trademark! (Which, incidentally, maybe finally explains why the independent UCSB research done on this actually showed Cydia offered a safer curated core ecosystem than Apple... we actually gave a shit about what we promised to do.)

Your first two sentences contradict with the third. How can you honestly defend a manually-vetted process that doesn't catch surface-level scams that even a Linux packager would catch?