One could argue the requirements have changed because the security and compliance part of the world finally caught up to modern software delivery concepts. Even the most dinosaur apps at compliant orgs are being dragged kicking and screaming into new CI/CD tools where applying governance and custody chains and permissions and approvals are all self documented automated hooks.
Bit shifting is not malicious on its own. Bit shifting to specifically conceal the purpose of your policy violating code from the auditors who audit the apps submitted to the App Store is malicious.
It’s about why you are doing it and what you are doing with it and not that it’s bit shifting on it’s own.