I have a bigger concern that an app can store confidential data in the keychain that will never ever get deleted. Ever. There isn't any way to completely delete a keychain tied to an account.
If you reset your iPhone and set it up with the same Apple account, Apple downloads the stored iCloud keychain to the phone before you get a chance to tell it not to. If you disable keychain sync at that point, the phone does NOT prompt you to delete the existing keychain data despite documentation online saying that it does. If you log out of iCloud on the phone, you get the option of removing the local copy. But the moment you sign in again, it comes back.
Deleting all the passwords in Safari or the Passwords app does not delete all keychain data.
If an app is designed to use a keychain access group, deleting that app will not delete the keychain data, yet that data or app is not listed anywhere in the Passwords app or anything else purporting to show keychain data.
That leaves trying to delete the keychain for an account on another device. macOS provides only the Passwords app to view keychain data and the ability to enable or disable syncing. Disabling it does nothing to the copy stored on iCloud.
account.apple.com provides no access to keychain management other than indirectly e.g. changing your password, app-specific passwords, etc.
So if there's no way to view and / or delete / wipe the keychain data stored on iCloud, and there's no way to prevent that data from being downloaded automatically to any device you sign in to using that account, and removing the keychain data on any given device does not modify the copy stored on the cloud, how do I ensure that any rogue apps that maliciously stored data in the keychain cannot access that same data in the future, either once the app is reinstalled or via a different app configured with the same keychain access group?
How can there be any real security of confidential data if someone can write an app that does this, and then provides another party with the keychain access group keys?
It makes no difference if Apple claims that their phone is secure with such an obvious and gaping back door available. Enabling Advanced Data Protection doesn't list keychain data or the keychain in the list of types of data that are securely encrypted. And while the keychain data is encrypted, all it takes is for the user to install App A at some point, which stores unknown data in the keychain, then the user deletes App A and later on installs App B. And App B immediately gains access to that confidential data.
I don't want to get into some debate about why an app would do this, or caveat emptor; the point is that it's possible and would be an obvious method for malicious actors to use.
All because Apple doesn't provide a method for a user (NOT an app dev) to clear out their keychain.
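A developer-side illustration of the reinstall case discussed in this post, added here and not part of the original thread: Swift against the Security framework, assuming a hypothetical access group and service name (placeholders) and that the group is declared in the app's keychain-access-groups entitlement.

```swift
import Foundation
import Security

/// Hypothetical access group (placeholder): must be "<TeamID>.<identifier>"
/// and listed in the app's keychain-access-groups entitlement.
let sharedGroup = "TEAMID.com.example.shared"
let service = "com.example.app.secrets"

/// Store a secret in the shared group. Marking it synchronizable (as many
/// wrapper libraries do by default) also sends it to iCloud Keychain.
func storeSecret(account: String, value: Data, synced: Bool) -> OSStatus {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessGroup as String: sharedGroup,
        kSecAttrSynchronizable as String: synced,
        kSecValueData as String: value,
    ]
    return SecItemAdd(query as CFDictionary, nil)
}

/// Remove every item this app wrote under `service`, local and synced alike.
/// kSecAttrSynchronizableAny matters: a delete query without it only matches
/// non-synchronizable items and leaves the iCloud-synced copies in place.
func wipeSecrets() -> OSStatus {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccessGroup as String: sharedGroup,
        kSecAttrSynchronizable as String: kSecAttrSynchronizableAny,
    ]
    let status = SecItemDelete(query as CFDictionary)
    return status == errSecItemNotFound ? errSecSuccess : status
}

/// Mitigation for the reinstall case: UserDefaults is removed with the app
/// but keychain items are not, so a missing flag means "fresh install" and
/// any leftover items are stale and get wiped before the keychain is used.
func wipeKeychainIfFreshInstall() {
    let defaults = UserDefaults.standard
    let key = "com.example.app.keychainInitialized"
    guard !defaults.bool(forKey: key) else { return }
    _ = wipeSecrets()
    defaults.set(true, forKey: key)
}
```

Call `wipeKeychainIfFreshInstall()` at launch before any other keychain access; it only covers items this app's own service and group wrote, which is exactly why it is no substitute for the user-level wipe the post asks for.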