pull down to refresh

No, their phones would be on 24/7, as they're today. It depends on your threat model but having multisig across several up-to-date android phones seems relatively secure to me.