I might be over worried, but I'd like to know if the Apps on the shelf of Apple store are checked and investigated thoroughly for their safety by official Apple engineers before they are released to the market?
They are not. No. Applications are compiled code. Meaning the source code the developers write is not visible to Apple to review. When an application is reviewed it is run through some automated tests to determine if the developer is using only approved developer resources (APIs for those more familiar) and then a human being likely goes through and does some minor testing to simply make sure the application runs and works properly, using the application for a period of time.
If Apple reviewed each product to check for security related things we'd never see updates to applications as it would simply take too long.
I can tell you how 1Password works though and it'll likely make you feel quite a bit more safe. I cannot say how other companies implement their applications though so you'd have to ask each of them separately.
When you create a vault or data file in 1Password on an iOS device we create an encryption key (256-bit if you're curious, and I can provide full details on how we implement it all as well if you require, we make our data format fully open so anyone can see how it works and scrutinize it). We then protect this key with your master password using some super fun math. The master password is what protects your data. Only you should know it, and it should never be used anywhere else. It should be as long as possible so you can remember it but not so long that you forget it. Symbols, numbers and letters of varying case should be used if at all possible. We do suggest sticking to US-ASCII characters though.
Once the key is created and protected by your master password the data exists solely on your device. You can optionally sync it to Dropbox or iCloud, and if you're cloud adverse you can sync via wifi to 1Password for Mac or Windows so that it never touches a cloud service to sync.
When you add an item, we use that key to encrypt the data and data is only ever decrypted when you request to view the item. We then remove the item from memory as quickly as we can though it can be up to iOS to release that memory fully in some cases. Your master password is never sent to AgileBits, the makers of 1Password and the company I work for. We do not share your data, we do not have any way of resetting your master password if it's ever forgotten, being able to do so would be a way for a malicious person or entity to try to obtain access to your data. The fact we cannot reset it for you is a security win for you.
I would be happy to answer any further questions you have, either publicly here or privately via private message.
