I am an Android fanboy. There is no such thing as a secure app store. When you use a PC, you are already exposed to the wild west, and the best antivirus in the world is actually you, the user, and this incident with Apple proves just that.
I don't believe the Apple app store is 100% secure because it just isn't possible to vet every single app in the review process in detail. I treat it to be just as secure as the Play Store. Beeper was able to exploit iMessage on Android suggesting that was having vulnerabilities as well.
You could argue we are seeing only 1-2 shady apps and Apple is stopping 1,000 of them while third party stores probably wouldn't do anything.
But here is the thing. People trust the App Store. People would not trust third party stores. Android specifically warns you when sideloading any app and the user is well aware of the risks. Apple is providing a false sense of security on their App Store so a user may not even use basic common sense when downloading any app from it.
It's like this. If I know an alley is dangerous and I am at risk of getting mugged, I would avoid it or at the very least ensure I have some protection when going through it. If someone assures me that an alley is safe, I wouldn't think twice walking through.
This incident neither supports nor weakens Apple's position. Nothing is safe. It's up to the user to use basic common sense.
It's also why people get robbed mostly in dense and public spaces. Hiding in plain sight is probably the most efficient way. That's why on railway stations or airports they always say "pay attention to your bags and wallet".
To close all attack vectors one should not have any App Stores at all. Now, remember that was actually the original Apple intent. They gave up once they realized it was a stupid idea. It's time they realized that the ban on alternative app stores (and sideloading) is also a bad idea. Well, I am sure that deep inside they actually know it but profit considerations tell them otherwise.
I also think that the original plan would have been the safest. If Apple had decided to walk down the way with web apps, they would have only had to care about Safari security, and they would have continued their joint venture with Google to develop PWAs together.
Obviously, Apple wouldn't be as rich as it is today, but it would be safer. And Apple would still be a product-first company.
Nowadays, fake apps need to be highlighted by MR in order for Apple to take them down. I mean, it's hard to blame Apple: with the amount of apps submitted per hour, it's impossible to do a code review even on 1/100 of them, even if their reviewers were engineers.
Now, that store has become too big to even do a thorough QA session. I mean come on, how drunk must a reviewer be not to see LassPass vs LastPass, and a release vs an update?