The cost of keeping the Apple App Store clean of malicious software is placed on the developers who are forced to wait for approval. The cost of keeping the Android App Market clean is placed on the users who will have to deal with the malicious apps that haven't been pulled yet.
Freedom isn't free it seems.
Does anyone know if Google can pull apps that haven't been installed by means of the Market?
How does Apple stop malicious software? No one has ever claimed that.
Apple's review process doesn't validate that the software does what it claims it does, beyond the superficial.
As far as I can tell, the iPhone has only been hit by malware when jailbreaking is involved. Maybe I'm missing it, but considering that minor infections in the Android market have made headlines, I imagine I would fine something for Apple too.
P.S. I'm hardly pro Apple, I have a Droid. I'm just saying that the probably do check for this sort of thing, because it's impossible in my mind for some one not to have tried to submit malware to the App store.
I have never heard of an Android application that breaks out of the sandbox. When people talk about "malicious" applications, these are apps that don't actually do what they promise to do, and because of an overly generous user (who okayed excessive permissions) they exploit trust.
This is similar to a web site saying "Hey, add me to your trust zone" (in Internet Explorer) "and I'll be extra awesome", and then exploiting that access.
Another poster mentioned that location has a special confirmation security grant, which is interesting to learn, however for other accesses there is no guarantee that the app is doing everything in your best interest.