Depends on the app of course... Damus on iOS, or Amethyst/Nostros/Plebstr on Android, these are probably safe.
Discussion
Just mainly test flight apps for nostr. Like current and iris.
“Probably” ?
It's open source so we can assume that other people are looking at it and it's not too bad
But it would be nice if there was a better solution
unfortunately that solution is a systemic problem affecting the entire planet not just nostr
You're just trusting them to custody your private key correctly
most of this apps are not even storing it in the keychain
they can't because the hardware doesn't support the curve that we use and the operations needed
so even if they do stuff it in there they're going to stuff it in there as a wrapped encrypted object that they're going to unwrap and use as a raw key