Heavy on doom and sensation, light on detail
It's a lot of screeching and very few actual problems.
1 - notice that the ENTIRE blog is about events in China & Taiwan, not here. But let's assume someone will use that code, well then ..
2 - .. Apple's security model has not actually been breached - this uses the Enterprise application install, which means you must install the profile for this first. Despite all the effort to make it sound like a drive-by infection, it is certainly not, as it requires the user to accept the installation of a certificate, something that's even harder to do in iOS 9. Naturally, that was buried deep down in the article or the sensationalism would not work:
There is one disadvantage to using this method for installation compared to the official App Store: when these apps are executed for the first time iOS displays a dialog to notify the user that the apps are from a specific developer (Figure 13). However, many iOS users may simply click “Continue” and not be aware of the security implications of their choice.
It's worth keeping up with updates: Note that, in Apple’s just-released iOS 9, enterprise certificate security has been improved. Users now must manually set a related provisioning profile as “trusted” in Settings before they can install Enterprise provisioned apps.
So, is the sky falling? Nope. Are there infected Apps in the App Store? Well, no, they are provided from elsewhere. The only thing an iOS user could wish for for extra security is a way to simply block the installation of Enterprise certs, but about the only proper takeaway from this story is that you have to be very wary in China and Taiwan of your connections, and not say "yes" to any strange popup. The latter is something you ought to know already...