Given that it’s already present in App Store apps, as you say, that would show that the App Store itself, and perhaps the current app review process, is insufficient!
I don’t know. It’s a cat and mouse game, and you can only win in such games if you don’t play. By moving the security from static analysis to the kernel, Apple has sidestepped most malicious API mishaps. My project isn’t malicious, it just uses the API not as intended, but it can do little malice in the wrong hands. I think this is a good system overall.
https://developer.apple.com/documentation/security/notarizin...
I don't think the regulators are going to mandate that Apple not retain any consumer-protecting mechanisms.