Something being technically possible and something being done are not the same. As i already wrote, it might theoretically be possible to create a spyware, but unless i download a program that does that it wont happen.
Programs cannot decide by themselves to be installed into a computer without some prior action from the user, it is the user who has to do something for them to install themselves. And no two users do the exact same sequence of actions to be able to claim that all users have the same likelihood to be affected by spyware.
Also FWIW when i use "apps" i mean it as a shorthand for "applications" and for a few messages already upwards in the thread the discussion isn't just about macOS but regardless of OS. So apps can be open source (and personally unless it is some piece of software i trust - usually older widely used programs - or some game i got from a place i trust, i stick with open source apps with security being indeed a major reason).
Something malicious being easily technically possible with no risk and significant economic upside will statisically occur due to simple distribution of motives at large.
+1, only you can decide to install a program. However its total functional scope, "what it does", is never fully known, unless it is open source. "Doing research" about the developer will not solve the lack of transparency in the tool you're installing. It is the consumer OS's responsibility to make sure third parties don't get access to data consumers would deem sensitive, without proper authorization.
Programs cannot decide by themselves to be installed into a computer without some prior action from the user, it is the user who has to do something for them to install themselves. And no two users do the exact same sequence of actions to be able to claim that all users have the same likelihood to be affected by spyware.
Also FWIW when i use "apps" i mean it as a shorthand for "applications" and for a few messages already upwards in the thread the discussion isn't just about macOS but regardless of OS. So apps can be open source (and personally unless it is some piece of software i trust - usually older widely used programs - or some game i got from a place i trust, i stick with open source apps with security being indeed a major reason).