Yea, when I saw 1 million downloads total I was surprised it was so few. That is very few downloads per app as well.
So that's up to 1 million users whose privacy has been compromised. Not too shabby, considering this is just the apps we/Apple know about that have circumvented iOS sandboxing.
its 1.7 million apps not billion
True. But it is still 0.002%.
Appstore transactions abide to local laws and regulations. I certainly do not know the specific laws about personal data privacy in the US but I do know that it is ilegal (plain and simple) to collect personal data of users without notification or/and their consent.
So it is ilegal in many countries (and if it is not the case in the US I would be quite surprised).
If its delayed, how would you test that. That code might be created and executed at runtime. They should look if apps are trying to use these kind of constructs though, but that would need a closer exam of the code logic.
Dev already bitch that approval time is too long.
That's the whole point. It's completely meaningless that it's such a small percentage of the total, or such a small total amount.
When identity thieves work under other circumstances, if they work 10 hours a day, 5 days a week for three months and only succeed five times out of hundreds of times getting past the first stage it's considered a good score for three months. Similarly, in the malware world, as far as whether a system is secure or not, it doesn't matter if there were a million attempts and 20 succeeded or a thousand and 10 did. You can have a 99.5% winning average against exploits and get ruined by the remainder.
You can't apply ratios that sound good in other contexts to this as if proof of its trivial nature. A million isn't a little. It's a lot. Holding it up against a huge total figure instead of a small total does nothing to diminish that.