No. This gets you banned.

Is that really true?

Only years later, as in the case of a certain Vietnamese hacking group that did exactly this starting at the end of 2015 and didn't have their apps yanked until Nov & Dec of 2019 and another batch located & yanked only last month, well after any and all damage was already done to those who used the apps.

Well, I meant for devs who are doing it innocently ;)

The fact that it took four years in your example implies that permission shaving isn't hugely risky for devs.

Malware authors can register a dozen or thousand throwaway accounts (probably not super easy but not hard either).

It's the honest developers that get their meaningful accounts banned.