This is on regular CHINESE iOS App Store devices. The exposure outside of China is extremely limited. It does not require jailbreaking the iPhone or iPad. The claim that private data can be stolen or that the seems to be compromised apps can be used to download and install other malware has not been proved to be true as no secondary malware has been found. The malware encrypts and uploads the following:
The only serious issue is the hijacking of specific URLs, but it is SPECIFIC URLs pre-programmed for the Chinese networks. . . and most of those have security certification which will block that approach.
Phishing for credentials by having a sudden, out-of-the-blue, pop-up asking for an AppleID and password, unassociated with something you are doing is a red flag for anyone paying attention.
Not really...iphone users assume they are secure so a creds request will most likely be responded to. Especially by dumb users... Which is most.