"That sandbox" is exactly what stops code from an ipa from escaping. Apple does not do a particularly deep analysis on the code in an app before approving it. They do a superficial check for use of private/deprecated APIs, which is pretty easy to bypass, and that's it.
It is possible to find holes in the sandbox; see, for example, the jailbreak.me exploit from iOS 4. But it's hard, and Apple will patch any holes that they find out about.
This is a point that people badly misunderstand, sadly. The sandbox is what keeps you, as a user, safe from malicious code. Apple's checks don't really help at all, aside from their ability to pull malicious apps after the fact. Apple's checks are there to ensure a basic level of functionality and avoid content Apple doesn't want to publish. They do essentially nothing for the security of the platform, and are not intended to.