Yeah, just keep auto updates off. I've heard directly from a self-custody crypto mobile wallet provider that even though it's self custody, they could push an auto update to sign transactions... Can't mention them by name, but there's really nothing unique about them. Third party trust is third party trust.
In the meantime, if the result of a device hack is a compromised keystore, there goes your e2ee.
0 sats \ 1 reply \ @jp305 25 Jul
Depending on how they designed the client keystore access, it might be possible, but that would be an obvious design flaw.
device hack
there goes your digital life essentially
reply
But not your bitcoin!
reply