understand kSecAttrAccessGroup


I was just reading through some source code for an iOS application and I'm curious about the security of the same. It seems that the access group of an application can be specified in the entitlements it was built with. However, if a user unknowingly installs malware which tries to be part of a particular group and read the data stored in the storage, isn't it a security issue?

Is the Apple Application Screening process the only thing that stops the above attack? Or is there some permission management concept that I'm missing out? Thanks!

Yes, it's a security hole. For example, this tool can dump all the sensitive info in the keychain, including Wi-Fi and mail/Facebook/any passwords off of your device.
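
For the entitlement mechanism the question describes, an added example (not part of the original posts) that audits which keychain access groups a build declares. It assumes the entitlements have already been exported as an XML plist and that groups follow the convention of carrying the app's App ID prefix; the sample plist, the identifiers in it, and the function name `audit_access_groups` are constructed for illustration.

```python
import plistlib

# Constructed sample entitlements; ABCDE12345 and ZZZZZ99999 are placeholder prefixes.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>ABCDE12345.com.example.notes</string>
    <key>keychain-access-groups</key>
    <array>
        <string>ABCDE12345.com.example.notes</string>
        <string>ABCDE12345.com.example.shared</string>
        <string>ZZZZZ99999.com.other.vendor</string>
    </array>
</dict>
</plist>
"""


def audit_access_groups(entitlements_xml: bytes) -> dict:
    """Classify each declared keychain access group relative to the app's own ID."""
    ent = plistlib.loads(entitlements_xml)
    app_id = ent.get("application-identifier", "")
    prefix = app_id.split(".", 1)[0]  # leading component = App ID prefix
    report = {"prefix": prefix, "own": [], "shared": [], "foreign": []}
    for group in ent.get("keychain-access-groups", []):
        if group == app_id:
            report["own"].append(group)      # the app's private default group
        elif prefix and group.startswith(prefix + "."):
            report["shared"].append(group)   # shared with apps under the same prefix
        else:
            report["foreign"].append(group)  # different prefix or wildcard: review
    return report


if __name__ == "__main__":
    for kind, value in audit_access_groups(SAMPLE_ENTITLEMENTS).items():
        print(kind, value)
```

Any entry reported under `foreign` is one to question during code review, since it names a group outside the app's own prefix.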