Re: Sounds like the case against Apple
"What Apple would need to do in the meantime is effectively turn iOS into a hypervisor, and make every app run inside a separate VM so it can't possibly touch another app or the OS except through defined methods."
They already did that. The primary worries about an insecure app is that it might find a vulnerability in that hypervisor, which has happened several times, or that they might find a valuable sandbox that allows access to lots of things. For example, if they get into a sandbox which already has access to contacts, the global filesystem, and the microphones, the insecure code doesn't have to escape the sandbox to do malicious things. To the extent that Apple's review is focused on real security scanning, this is the kind of thing they want to prevent.
Biting the hand that feeds IT
