To be able to regulate such things you'd have to somehow magically be able to control who can be allowed to program anything in the first place, then you'd have to control all the possible tools for that
"Regulating" does not necessarily mean "strangling." For example, electrical devices are already required to be UL or CE certified before they can be marketed, but any numbnut with some wire and a soldering iron can build his own power strip, hair dryer, or Tesla coil.
It's patently ridiculous for a government to require software be bug- and exploit-free. It's also true that some disclosures would provide consumer benefit: does the software/device "phone home"? What information does it disclose if it does so? Does it implement encryption? Properly, using a widely recognized protocol? Does it run locally or is it a remote front-end?
Apple already claims to do some kind of review (or at least have some kind of conditions) for an iTunes listing. So does Google Play. That's self-regulation - it may not be perfect; it may not catch all the malware, but Apple and Google seem to think limited regulation provides some consumer benefit.