On iOS private keys are stored in a secure area called the keychain
https://developer.apple.com/documentation/security/keychain_services
The keychain itself has system level encryption based on either the passcode that is set on your device (or touch ID and face ID).
The keychain is specifically developed by Apple to protect sensitive information (like your private key).
When the Private Key is saved only the O3 application can request the private key from the keychain. So there is absolutely no chance of any malware, or malicious software being able to get your private key.
This is important because the vast, vast majority of hacked private keys occur due to some form phishing, which is impossible on the O3 app. For these reasons we believe that a private key stored on your mobile phone is arguably more secure than on a desktop computer because you completely eliminate the chance of phishing, software spoofing, and keylogging attacks.
The only way anyone could ever access the private key is if they have your device AND they know your passcode. All transactions from O3 require pin code authentication so even if the phone is unlocked and the app is open, the thief would still have to know the passcode in order to transfer funds or view the private key.
Rest assured that we take security of your private keys very seriously on O3