Apple is not reviewing the source code, they probably looking at what system calls you use and maybe they do what anti-virus software do on Windows, check for signatures or something like that. From my limited knowledge you can have your executable very obfuscated and make it impossible for someone to easily understand what is happening.
The thing is nobody would force the normal users to side load things, the number of applications for Android that are not in the store is small and I think only Fortnite was one with popularity and the number of people sideloading it was not that big.
The thing is nobody would force the normal users to side load things, the number of applications for Android that are not in the store is small and I think only Fortnite was one with popularity and the number of people sideloading it was not that big.