The handling of PGP keys is not optimal

rPGP and Delta Chat passed security audits. TypeScript is not used to handle the keys in Delta Chat. On Android there is a dedicated Keystore system, but it is not intended for handling OpenPGP keys; for example, it does not support the Ed25519 keys that Delta Chat uses. Delta Chat Android has an experimental option to store the SQLCipher passphrase in the Keystore, but the OpenPGP key has to be used outside the hardware security module. We don’t attempt to “shred” any files on disk by overwriting them and recommend using full disk encryption, which is available on all operating systems Delta Chat supports. PRAGMA secure_delete=on is used in SQLCipher though. Not talking about the keys in the UI is a deliberate decision. The keys generated by Delta Chat do not have an expiration date on purpose. The Autocrypt standard was developed in large part by the same team as Delta Chat itself.

The forum already has a very similar topic:

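The effect of the PRAGMA secure_delete=on setting mentioned in the post above, as an added example that is not part of the original post and not Delta Chat's code. It assumes plain SQLite through Python's built-in `sqlite3` module (not SQLCipher), with a constructed table, marker value and function name, and compares what is left in the database file after a `DELETE` with the pragma off and on.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for sensitive message content.
MARKER = "CONSTRUCTED-SECRET-7f3a91"


def marker_survives_delete(secure_delete: bool) -> bool:
    """Insert a row holding MARKER, delete it, and report whether the marker
    bytes are still present in the main database file afterwards."""
    setting = "ON" if secure_delete else "OFF"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.db")
        conn = sqlite3.connect(path)
        try:
            # Set explicitly in both cases: some SQLite builds default to ON.
            conn.execute(f"PRAGMA secure_delete={setting}")
            conn.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, body TEXT)")
            rows = [(1, "keep-1"), (2, MARKER), (3, "keep-3")]
            conn.executemany("INSERT INTO msgs VALUES (?, ?)", rows)
            conn.commit()

            # Delete a single row so the freed cell sits in a page still in use.
            conn.execute("DELETE FROM msgs WHERE id = 2")
            conn.commit()

            # At the SQL level the row is gone in both cases.
            count = conn.execute(
                "SELECT COUNT(*) FROM msgs WHERE body = ?", (MARKER,)
            ).fetchone()[0]
            if count != 0:
                raise RuntimeError("row was not deleted")
        finally:
            conn.close()

        # Only the main database file is inspected here; journal files and
        # blocks already released to the filesystem are outside this check.
        with open(path, "rb") as fh:
            return MARKER.encode("utf-8") in fh.read()


if __name__ == "__main__":
    print("secure_delete=OFF, marker still in file:", marker_survives_delete(False))
    print("secure_delete=ON,  marker still in file:", marker_survives_delete(True))
```
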