The problem is app stores itself
It adds an element of commerce to it. Suddenly if you kick out an app, you will have someone loosing money who might want to sue you.
Plus there is the problem that the classification of malware vs non malware is rather subjective. For example for Google and Apple an app to root your device might be considered malware. I for example consider apps without source code or apps which display advertisements malware.
Google actually is the lesser evil here as I can just ignore their Crap store and go to fdroid which has at least some amount of quality control. With Apple I'm left to Apple's judgement which completely disagrees with mine.