> Given one of the things you can get on an app store is a replacement keyboard, "security" is, in addition to all the things you listed, "make sure there are no installable key-loggers".

And what makes you think Apple can stop these apps on their own app store before they cause harm?

I sense this pervasive belief on HN that Apple's reviews are infallible, or that they magically catch malware, when in reality it's just some low ranking person installing the app and navigating through it to spot obvious flaws, usability issues, rule breaches, and ensure that the developer doesn't try to direct users to their website to purchase a subscription for cheaper, the usual anti-competitive stuff.

Unless you can point out a step in the review process where a security expert sits down and reverse engineers the app, and every subsequent update, to verify that it doesn't steal user data?

It's only when someone raises the suspicion that things get looked into, reported and taken off the store. At least web extensions have the benefit of being written in Javascript which is easier to inspect. At no point does Apple ask you to hand over source code.