Well that's unfortunate for my use of the keychain to store 'permanent' information of a user.
I don't know what you are doing. Maybe you know something I don't. But, in general, I don't know of any way to prevent access and deletion of data. They can always use FS events to find the data you are writing. They can use local snapshots to reset and try again. Apple has the mysterious data vaults, but even those are vulnerable to disabling SIP. If you keep looking for obscure tricks, you start to run the risk of using something that isn't reliable or that you don't fully understand or control. Hackers are definitely an annoyance, but breaking DRM for all users is an existential risk.
And hackers are perfectly capable of disassembling your binary and changing it. Don't assume you are too small-time for them to bother. I'm most definitely small-time and my software is regularly cracked and publicly posted on the internet. They even charge money for it.
But you need some way of permanently identifying a particular user or device - what do you use for that? Can't a user delete and reinstall an app and then reappear on your server as a new user?
That's what receipts and activation codes are for. In the Mac App Store, I use the receipt. Network requests include the app receipt which I can verify with Apple, and then double-check Apple's response to make sure it is my receipt. I do something similar with my Developer ID version. It is tricky though. This is one of many points that the anti-App Store crowd conveniently forget. Your 30% comission pays for a first-class DRM infrastructure.