Sure, it doesn’t happen often. Those mechanisms are often just some software running in some microcontroller, which can also fail and manifactorers like to cheapen out where possible.
It did happen to me maybe 2 times in >5 years, where not even long pressing power button helps. I was traveling by rail the last time and luckly had my ticket physically.
I had issues with my phone (OP8P) where that didn’t helped.
I pressed the power button for minutes and the phone stayed unresponsive, only letting it run out of energy solved it.
What do you have against waiting a day or two, not being able to use the phone, for the battery to run out so that you can reboot it? Simply removing the battery seems like to much effort. /s
In addition, phone manufacturers write bad code, that would need to go through many review iterations until the open source community is happy with their changes. Often their changes to the kernel break things for other hardware, for instance.
Review and writing good software takes time, and phone manufactorers don’t care about long term support, they want to sell you a new phone every year, or even more often. So they fork the kernel and hack together with lots of string and duct tape, a frankenstein kernel that just works on their hardware, but is broken for anything else.
I dislike the snap store as well, but what you describe is how packaging works on Debian as well. Anyone can make, maintain a package. And there are people there that maintain even more packages.
However, there is a difference when uploading it to the repos, you either have to be a Debian developer or find one to sponsor your package first. After a while of doing good work, you can also request becoming one yourself.
This additional burden makes it more difficult for malicious people to go through.
Personally I prefer this separation of software developer and package maintainer, because that makes it a bit more difficult for malicious devs to push packages directly or for them to not package them the optimal way for the distro.