Depending on how they designed the client keystore access, it might be possible, but that would be an obvious design flaw.

> device hack

there goes your digital life essentially

jp305

Yeah, just keep auto updates off. I've heard directly from a self-custody crypto mobile wallet provider that even though it's self custody, they could push an auto update to sign transactions... Can't mention them by name, but there's really nothing unique about them. Third party trust is third party trust. 

In the meantime, if the result of a device hack is a compromised keystore, there goes your e2ee.

frostdragon

bitcoin

Introducing Proton Wallet – a safer way to hold Bitcoin | Proton

plebone

Even if it's hacked, your data is e2e encrypted.

Hot wallet is perfectly fine for some use cases.