So what he has done is written a program that uses the standard APIs to get data and send it off?
The point is that an application needs to go through the approval process before going to the store. So while anyone can write malware, getting it out into the wild is more difficult now.
There are all manner of sneaky tricks you can do to get around such checks, you app could have a logic bomb in there so the negative effects only take effect after a time.