Given that it’s already present in App Store apps as you say would show that the App Store itself, and perhaps the current app review process, is insufficient!
I don’t know. It’s a cat and mouse game, and you can only win in such games if you don’t play. By moving the security from static analysis to kernel, Apple has sidestepped most malicious API mishaps. My project isn’t malicious, it just uses API not as intended, but it can do little malice in wrong hands. I think this is a good system overall.
https://news.ycombinator.com/item?id=37667740
Static analysis is very easy to be fooled. iOS security comes from its kernel enforcement by means of entitlements, which you can’t easily break.