We're looking at storing some information (think the equivalent of usernames, passwords, etc.) in our app that we don't want the user to be able to meddle with. One (bad) way to do this would be to put them in an encrypted file somewhere in the app's folder, but if we did that the user would be able to take any iOS filesystem exploration tool and edit or replace that file, which we don't want.
If we stored the details in the keychain, is there any way the user could read or write those details, for example by running the keychain equivalent of a filesystem exploration tool? Or is there no way to get at the app's information in the keychain without running that app?
Obviously if the user hacks our app, or has a jailbroken device, or somehow man-in-the-middles the connection that sends the information to the device, etc., they could access the keychain items. I'm not worried about that - just about whether a user with a regular, unhacked device and no weird apps on it could access the data in the keychain.
Thanks for your help.
Open the Settings app and tap your Apple ID banner at the top of the Settings menu. Tap iCloud. Scroll down the list and select Keychain.
Keychain Access is a macOS app that stores your passwords and account information, and reduces the number of passwords you have to remember and manage. When you access a website, email account, network server, or other password-protected item, you may be given the option to remember or save the password.
iCloud Keychain can also keep the accounts you use in Mail, Contacts, Calendar, and Messages up to date across all of your iPhone, iPad, and iPod touch devices and Mac computers.
According to Apple docs:
Whereas in OS X any application can access any keychain item provided the user gives permission, in iOS an application can access only its own keychain items.
Note: On iPhone, Keychain rights depend on the provisioning profile used to sign your application. Be sure to consistently use the same provisioning profile across different versions of your application.
So, if you assume that your device is not jailbroken and the keychain subsystem is working properly, only your app (identified through its provisioning profile) can access its own keychain items. If you have different apps sharing the same provisioning profile, then they can all access the same keychain items.