I have an ordinary iOS app that uses keychain SecItemCopyMatching and SecItemUpdate with kSecClassInternetPassword to fetch/store its oauth access tokens. This works fine in the ordinary iOS app. In iOS 10.1, I added an iMessage App that reads oauth tokens using the same code as the ordinary app with a shared keychain group. Starting in iOS 10.2, my keychain group started returning old data. My iMessage App receives an expired oauth access token, even after my main app updates the keychain and I kill and restart iMessage. I've verified in the debugger that I'm getting the wrong value.
I plan to file a DTS, but I'm filing this publicly so others are aware of the problem.