Re: "side loaded" apps?
"interfacing via the App Store where other software installs work" that's what I was thinking. Make everything simple by setting up the store with an Apple cert for publicly available apps and then allow enterprises to install their own certificate along side the Apple certificate to verify their deployment server.
Or better yet, flip the authentication method where the client (phone/pad/pod, whatever) verifies the server's certificate and presents it own once its verified. Done properly, it would allow enterprises to publish their internal apps to the main Apple store and make it only available to a select number of client phones by way of adding whitelists of certificate hashes (with each phone having a different client cert). These apps would then be signed by Apple, rather than the Enterprise. This would create a scenario where the IT department of the company no longer needs to maintain infrastructure while still ensuring that their users get verified apps and staying as secure as they can be.
This could then be expanded to allow developers to build right to the App store and deploy to only their own phones/devices and ones registered in a white-list. Hell maybe Apple could offer a cloud-based repository/build system; write code, commit, Apple servers build it, do some preliminary tests, sign it, push to store, app gets pulled down by phone if its on the proper whitelist, device sends back debug data to the Apple dev cloud and reports are filed into the code's repository. As the app is polished and tested, the whitelist is expanded to include beta-testers, then finally the targeted audience.
If you're going for a walled-garden/big-brother approach, you can't take half measures, otherwise stupid crap like this exploit happens.
(Note: I have only a high-level view of what Apple does, the last Apple device I've ever used was a Powermac all-in-one in the late 90's)