And then, even if they're tempted by the large amount of money, they probably get caught pretty quickly and get banned. Again, even if you can use another person's account to reputation launder, it's still a very transparent platform that's hard to pull stuff like this on.
The usual process for this with mobile apps is not to pay someone a lot of money to ship malware, but rather to buy the person's account, app, and the source code outright. This has the advantage of not having to be explicit about what you're up to, gives the original developer plausible deniability, and gives you way more control. Plus it makes reputation laundering way easier and since the app is still closed source you can make any changes you want without anyone being the wiser.
All of this is completely different from how community supported repositories are run.
The usual process for this with mobile apps is not to pay someone a lot of money to ship malware, but rather to buy the person's account, app, and the source code outright. This has the advantage of not having to be explicit about what you're up to, gives the original developer plausible deniability, and gives you way more control. Plus it makes reputation laundering way easier and since the app is still closed source you can make any changes you want without anyone being the wiser.
All of this is completely different from how community supported repositories are run.