What is the signature good for if they hand it out without review? Might as well get rid of the requirement.

They get an archive of stuff they can (theoretically) ban if found to be malware. Which I guess (or rather I hope) spreads a bit of a chilling effect among potential malware writers.

Then there’s something to revoke if necessary.