Is keychain item created by app safe without access control?

I'm saving a secret in keychain in my app without access control. From what I've searched the item should be only accessible by my app.

Is there anyway to compromise this keychain item? e.g can a hacker install a fake app with same bundle identifier to replace my app and get my keychain item?

Solution

iOS has a single keychain that is accessible when the device is unlocked. Only your app(or set of apps if you have keychain sharing set up), has access to the keychain items you store. But if your device is jailbroken there are ways to steal items from the keychain. See this tutorial has some good info on Keychain best practices:

ios App Security Ray Wenderlich

From the above site:

Although Keychain Access is more secure, it is also a high-priority target. For jailbroken iOS devices there are command line utilities that print out the Keychain Access database’s contents.

Remove all constraints affecting a UIView
Why use @ObservableObject when you might as well use @StateObject?
Error: Native module RNFBAppModule not found. Re-check module install, linking, configuration, build and install steps., js engine: hermes
Live update relative time in SwiftUI
Metal Shader Stretching Camera Preview Vertically While Applying Grayscale Filter In iOS Swift
React-Native: Problems with Axios on iOS
Using the Apple Music API to create playlist?
Why does my snapshot() in SwiftUI not capture downloaded images from WebImage (SDWebImageSwiftUI)?
How can I change the UISearchBar search text color?
Data in HTTPBody with a PUT method fails, while it works with a POST?
How to use a custom activity indicator view while using API call in my project
How to add a credit/debit card into apple wallet from the ios App
error: shell-init: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
Send post variables to API
Setting properties in init method using closures
How can my "didFinishLaunchingWithOptions" wait until call API finish
EXC_BAD_INSTRUCTION (code=EXC_i386_INVOP, subcode=0x0) crash
Development team has reached maximum number of registered iPhone devices
API authentication with swift
Swift Best Practices - how / when to check for internet connection and 404s when working with APIs
Reading Websites in iOS
In swiftUI, how does text display evenly once minimumScaleFactor is set
UICollectionView and SwiftUI?
Go router: Use GoRoute and ShellRoute
Xcode 10.2.1 Command PhaseScriptExecution failed with a nonzero exit code
is it possible to update live activity view after performing LiveactivityIntent action?
I cannot play music in the background (Xcode 9, Swift 4)
Variable was never mutated...or Constant being used before initialized
JSON API transfer data in Swift
Having trouble decoding JSON file from GitHub API swift 5