Fair enough. Would Download.com's process catch these kinds of apps? I'm not sure they would show up in a scan.
Knowing Google, they won't want to do this unless it can be automated. (A false positive would probably ban you from the market, adsense, and adwords for life with no explanation ;).
And is the manual review done for the App Store catching these things? That is certainly implied.
And looking at the entire article, it's not even a sure thing that any phishing happened. And yet on the slightest suspicion, Google pulled more than 50 apps from one developer.
FWIW, I think Google should take steps to protect users. But I believe that they are taking the *WRONG* steps in this case. If their procedure for vetting an application is "pull it if it causes us any bad PR", and "destroy all copies so no one can figure it out if it was actually bad", then I don't think that's doing the job.
09Droid could be the true victim for all that anyone knows now.