I am struggling to understand the benefit of using iOS keychain to store application passwords, secrets, and keys. It's the recommended way to "handle" this data but I am not seeing the benefit from a security perspective.
First, apple claims the keychain prevents other applications from accessing the sensitive data in keychain. The application sandbox design already prevents this, so I don't understand why storing in keychain would be necessary. Second, apple claims the data is stored "encrypted" in the iOS keychain and once can specify lock/access controls for each keychain item. If a user "roots" the device (jailbreaks the phone), there are tools out there that can access the entire data in the iOS keychain, rendering the keychain encryption and access controls useless.
It sounds like to me all the iOS keychain does is add extra overhead, from a security perspective Apple's application sandboxing and application code signing should be enough to protect sensitive application data. We should be able to simply store sensitive data on an iOS app's file system or in code, and rely on Apple's app sandboxing and code signing. Am I missing something?
Advanced Persistent Threats (APTs) are often capable to silently break out of the sandbox so you cannot rely on SandBox to protect any sensitive data.
The keychain on the other hand is encrypted by the SEP (Secure Enclave Processor) which, while not infallible, it's so much harder to break.