OK, I found the problem and the solution thanks to this post:
It seems that iOS 10 requires additional entries in the Content-Security-Policy
meta tag, namely gap:
and file:
. After adding these, my Content-Security-Policy
looks like this:
<meta http-equiv="Content-Security-Policy" content="default-src * gap: file:; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'">
And the app starts up and works fine on iOS 10.
Hope this helps others.