Apps without app store review could also start delivering dynamic code packages that aren't included in the binary. There could be targeted attacks via these apps on specific users (say, journalists, politicians and their families, etc.) not delivered to everyone; Apple thus can't analyze the code until it's been delivered to a device they control. App Store rules forbid dynamic native code delivery.
Perhaps journalists and politicians should stick with the App Store (which is what 99% of users do on Android, where you can sideload apps) and use Lockdown Mode.
If iOS' sandbox is that insecure, then they have a problem on their hands.