There is tech to inspect compiled code and try to find malicious bits, even in an automated fashion, that won't be fooled by an idle loop. It's far from perfect or being a silver bullet, but it is there and getting better by the day.
Look at what the security firms are now calling "sandboxing". Look here: https://en.wikipedia.org/wiki/Malware_analysis#Free_automated_malware_analysis_services.5B2.5D
This is most probably what Apple does already, and clearly needs to get better at.
The bad news is that _it's bound_ to happen again.
This is why I agree with BronsCon, Apple should open doors to the sec community, but I don't think it will happen anytime soon.
BronsCon mentions sideloading as a possible way to do analysis, I don't know if this is the case (can sideloaded apps break the sandbox model?) but jailbreaking would obviously do.