Following news that researchers have discovered an exploit that lets OS X and iOS malware in the App Store steal passwords and app data, as well as hijack session tokens, Craig Young, security researcher at Tripwire, provides insight into the issue:
“Same story, different day. App store review policies can only be so effective at weeding out malicious applications for one simple fact. You cannot know what you do not know. The moderate behavioral analysis performed by both Apple’s App Store and Google’s Play Store has been shown time and again to be insufficient for identifying previously unknown threats. (Look back at research from Charlie Miller, Georgia Tech University, and my own research presented at DEF CON 21 for examples of malware making it past this first line of defense.) For a vulnerability unknown to Apple or Google, it is typically less likely that their respective marketplaces will recognize the patterns of exploitation and block posting of the app.”