Hi Richard (@novice),
I understand your concerns, I believe that @syedfa has helped you with most of the questions. I wanted to answer this a bit differently, so here goes.
Apple has a lot of things in place that disallow a developer to do things unacceptable for the user. In fact (I think) starting from iOS 9 onwards they are adding more and more permissions that the user has to accept to allow the app to access hardware on the device and the user is made aware of these choices (ONLY ONCE - at the start of the app). These can be changed in the settings app under various settings but mainly privacy.
Even things like sending emails, apple allows the developers to compose and create an email, but it is the user that has to then click send, there is no automatic send from the mail compose UI.
Now comes the interesting part, if you have given permissions to the app to access certain areas like Camera, Microphone, etc then… a developer can determine from the app what the user is doing by looking at the orientation data, the accelerometer data and the camera and microphone. Felix Kraus has a couple of articles and sample code to demonstrate how this is done.
Sending an email can be done by bypassing the mail composition UI by accessing a SMTP server directly and the user can be asked to create a profile and enter their email address, following that any data created in the app, that is accessible by the application can be (in theory and yeah, in practice) be send without the user knowing about it.
From the app, the developer can create automatic networks even when there is not internet/wireless only via the Bluetooth interface, (There was an app called FireChat [I think] that created peer-to-peer network to access and send messages.
So the point I am trying to make is that there are ways that a smart developer can - however it all depends on what advantage they derive by doing so, majority of the developers only try to mine user data for marketing purposes (the new currency) while very few would be interested in stealing data. They can also create a backdoor that allows them to query the application’s sandbox, but I guess that it is caught by the testers at Apple before releasing the app or by some astute user and then the malicious app is removed from the store. If you have a custom or a very low profile app, well there is a chance that you would never know.
Hope that has provided you some information not just scared you,