Depends, if the app is open source you can at least verify the code to check where they store it. Usually an app (unless malicious) will store it in your device's local storage. This is still a lot of work to verify every app, for better security it would be beneficial to store it in a signer app and only have to verify the signer's security, this way you can still "login" to many apps without ever sharing your nsec with them.

Even reviewing the code isn't a failsafe method though, as there's no way to verify that the build you're running is the same as what's on GitHub, right? Unless you're building it yourself from source. Either way, better to trust just one signer app.

Yes signed apps are obviously better in this case, and you can verify the build with what's signed.

The Alby Browser Extension is an application that runs only in your browser. It doesn't share your keys with any other app. That's why you can use it for Nostr key management.

Nostr | Browser Extension | Alby Guides

Nostr is a simple and open protocol that aims to create censorship-resistant social networks and works with cryptographic keys. Use Alby to securel...

Thanks for this, look forward to reading tomorrow!