If you were a developer, you would understand it is impossible to prevent malicious apps.
The developer compiles the app. How the code branches and what it might do is opaque even to Apple (it is compiled and reverse engineering such takes a lot of time and money, several orders of magnitude more time and money than is available to an App review team). It is very easy to create code to the effect "do nothing until 20th Jan 1016, then after that date do ... mawah ha ha ha haaar."
This code condition can be obfuscated. The chance of knowing about it before app launch is close to big fat zero. All you can do is block the app after it starts doing it's nefarious evil thing and ban the app developer.
This is why having to pay a yearly fee to be an app developer who can submit apps to the AppStore is a good idea. It means the developer id is not throwaway and immediately cuts out all those who might be tempted to have a go at building a malicious app for kicks, because it will cost them £100 a pop.
"This is the 100 millionth time they have let things slip by"
Complete drivel. Given the truth of what I have said above, I've been astounded at how very little has got through. This is because the real defence is the app sandbox and the permissions model and app review is limited in what it can do. It is only recently there has been any trend at all. As an app developer I monitor such things.