The security of push token in privacyIDEA

Can anyone explain how keys are protected, which are stored on the smartphone ?
I mean the keys generated during enrollment: public and private key and the public key of privacyIdea server which are sent to a smartphone in the last phase of enrollment.

To my knowledge, with iOS all the data is stored in the keychain.