You don't need to detect it as it's going on, it should be a part of the approval process for getting the app accepting into the Play store. Apps should undergo regular static and dynamic analysis. And probably some improvements to Bouncer
Static analysis likely will not detect this type of malware as the malicious payload is only retrieved once the app is running. As for dynamic analysis, it's usually pretty easy to evade for a capable malware author. The only surefire way to catch this is to have someone manually analyze the app.
Dynamic analysis isn't perfect by any means, but I expect Google to at least try, to get the low hanging fruit. As the OP said: "at least make them work a little." Do we know if this malware had sandbox detection techniques?
