Re: So Google and Apple do not search for these when approving an app?
Yes. And large % of the apps I have looked at have some kind of hardcoded credentials. The developers just shrug their shoulders.
Our resident white hat hacker did a MITM on a medical device's TLS in 4 minutes after he started testing.