The spy/malware problem on the App Store is tiny in comparison to what you see on almost any other platform. Even if something nasty slips through review, it's access to the iOS device is very limited and gated through permission pop-ups.
Sure it's gated through permission pop-ups but I guess anecdotally my family members usually just try to tap as quickly as possible to get through prompts/pop-ups, regardless of what said prompt is asking, in order to accomplish their original goal in the app, not consider security requests.
