
I know next to nothing about iOS, so: Why can't the (usually public) jailbreak exploit or another, similarly potent (and probably quite expensive) one be launched from inside the app? Sure, it has to be hidden to get into the store, but that looks very easy compared to finding the actual jailbreak. One just has to hide an arbitrary code execution vuln in the code of the app somewhere.

So, every app seems to be an attack surface.




If there was a jailbreak available, yes. But there hasn't been a publicly available untethered jailbreak since March of 2016, and there has never been an untethered jailbreak of iOS 10.

The only jailbreak for iOS 10 was semi-tethered and only made public after Apple had patched the vulnerabilities. In order for this to work as malware the user would have to open the malicious app every time their phone restarts. Not only that, every time they open the app their phone would appear to be out of storage and then promptly crash to the boot screen. It would be a bit of a hard sell.



