Neither of those has a review process, though. You just pay a few dollars and can upload whatever you want. Apple's stores do, which is why seeing this many fraud apps is surprising.
Google play does not review each app unless it's done after the fact. You pay a fee and upload your binary and then it's available. My understanding is that they have a permissive model that relies on users flagging the bad stuff and then they pull it from the store after the fact.
You're most likely right. I was under the impression that they just did a basic anti-malware scan on your app, but that seems to have changed back in 2015.
Oddly enough, this doesn't seem to be mentioned anywhere in the Google help pages or Android docs. This blog post [1] is the closest thing to an official confirmation I managed to find.
