From what I understand after reading the iOS Swift documentation, these are the key points:
The user can't access or modify my iOS application's UserDefaults
Other applications can't access or modify my iOS application's UserDefaults
At most, the information found in UserDefaults gets deleted. But it can't be freely read or modified by a third party. So what exactly is the danger in storing sensitive information here?
Can someone give a plausible example of an attack where a significant software vulnerability would be exposed due to using UserDefaults instead of Keychain Services on the iOS platform?
First and foremost, encryption - UserDefaults does not use encryption out of the box.
Second, on any device a user can access the file system, and specifically your app container and hence the UserDefaults, using the iExplorer app for example, and access the whole plist that represents the user defaults - change it and extract information - not protected against malicious users.
Third, third-party libraries you are using in your app are able to access your ‘standard’ user defaults or guess some container name you are using to extract/override the information.
There are probably more reasons but I’d say these are the main ones.
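
The contrast the answer describes, as an added example that is not part of the original answer: the same token written to UserDefaults (an unencrypted plist in the app container) and to Keychain Services. The `TokenStore` type and the service and account names are assumptions made for illustration.

```swift
import Foundation
import Security

enum TokenStore {
    // Hypothetical identifiers, chosen for this example only.
    static let service = "com.example.app.session"
    static let account = "authToken"

    // Weak: the value is written as-is into the app's preferences plist,
    // where anyone who can read the app container can read or edit it.
    static func saveInUserDefaults(_ token: String) {
        UserDefaults.standard.set(token, forKey: account)
    }

    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    // Corrected: the value is stored as a generic-password keychain item,
    // readable only while the device is unlocked and never migrated to
    // another device through a backup.
    @discardableResult
    static func saveInKeychain(_ token: String) -> Bool {
        SecItemDelete(baseQuery as CFDictionary)        // replace any old item
        var attributes = baseQuery
        attributes[kSecValueData as String] = Data(token.utf8)
        attributes[kSecAttrAccessible as String] =
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let stored = SecItemAdd(attributes as CFDictionary, nil) == errSecSuccess
        // Remove the plaintext copy once the keychain copy exists.
        if stored { UserDefaults.standard.removeObject(forKey: account) }
        return stored
    }

    static func loadFromKeychain() -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }
}
```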