Look at the history on the PC and Mac desktop side. Ever see someone who had Firefox or VLC, only the binary they got was loaded up with things not shipped by the real developer? Notarization prevents that shady phisher from talking your dad into installing “a critical security update!!!” from their own server and then either having it immediately get access to his stuff or walking him through logging into his password manager, etc.
I'm not against notarization as long as it's free (akin to Let's Encrypt) and strictly used for combating outright malicious software like you described, and not as a way to keep competitors off the platform, rent seek, or ban apps for "philosophical" reasons (like NSFW content).
They're intentionally conflating these objectives to give themselves an excuse for maintaining their stranglehold on users and developers alike. They need to give up some ground if their security concerns are to be taken seriously.
I'm sure all the smart people in Cupertino (and elsewhere) can figure out some really great solutions for protecting users in an honest manner, if only their leadership didn't instruct them otherwise.