
Can other apps read the data my app stores in flutter_secure_storage?


I found this page where someone says it is still happening on iOS, but the comment was from November 2021, so I would like to know what the situation is now.

I am asking this question because I am learning Flutter and I would like to know where I can safely store an access token or encryption keys.

I am trying to spare the users of my app the need to authenticate every time they open the app.

Thank you very much


Solution

  • On any device you don't control you should imagine that a user, hacker or another app can read the data. If you are worried about that, encrypt the data such that it decrypts at runtime so a hacker must monitor individual processes to view the information.

    As for this plugin specifically, you can see that on iOS (the target platform that has the issue raised against it) Keychain is what is used to view and store data:

    https://developer.apple.com/documentation/security/sharing-access-to-keychain-items-among-a-collection-of-apps

    If you look at the documentation (and the source code of the plugin) you can see that built-in sharing is a core concept; however, this is only amongst apps in the same group. I haven't looked at the exact implementation of Keychain in this plugin, but I'd say yes, it is possible, if there is a bug, for other apps to read the data.

    If you want performant and truly secure data storage, look into flutter method channels, utilize lower level calls to store data and a custom encryption process to save data.
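
An added example, not part of the answer above or of the plugin's own code: a token store built on flutter_secure_storage that requests no shared Keychain access group and drops expired or malformed records. The `TokenStore` class and the `access_token` key are hypothetical names, and the code assumes a plugin release whose `IOSOptions` exposes `accessibility` and `synchronizable`.

```dart
import 'dart:convert';

import 'package:flutter_secure_storage/flutter_secure_storage.dart';

/// Hypothetical helper (not part of the plugin): keeps an access token in the
/// iOS Keychain through flutter_secure_storage.
class TokenStore {
  // Hypothetical key name chosen for this example.
  static const _key = 'access_token';

  // No groupId is passed, so no shared Keychain access group is requested.
  // first_unlock_this_device: the item is not restored onto a different device.
  // synchronizable false: the item is not synced through iCloud Keychain.
  final FlutterSecureStorage _storage = const FlutterSecureStorage(
    iOptions: IOSOptions(
      accessibility: KeychainAccessibility.first_unlock_this_device,
      synchronizable: false,
    ),
  );

  /// Stores the token together with its expiry as one JSON record.
  Future<void> save(String token, DateTime expiresAt) {
    final record = jsonEncode({
      'token': token,
      'expiresAt': expiresAt.toUtc().toIso8601String(),
    });
    return _storage.write(key: _key, value: record);
  }

  /// Returns the token, or null when nothing is stored or the record is
  /// expired or malformed (in which case the record is deleted).
  Future<String?> load() async {
    final raw = await _storage.read(key: _key);
    if (raw == null) return null;
    try {
      final record = jsonDecode(raw) as Map<String, dynamic>;
      final expiresAt = DateTime.parse(record['expiresAt'] as String);
      if (DateTime.now().toUtc().isBefore(expiresAt)) {
        return record['token'] as String;
      }
    } catch (_) {
      // Malformed record: fall through and remove it.
    }
    await _storage.delete(key: _key);
    return null;
  }

  /// Call on logout so the token does not outlive the session.
  Future<void> clear() => _storage.delete(key: _key);
}
```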