pull down to refresh

doesnt help with key exfiltration if the host device is compromised
Yes it does. If the wallet is properly encrypted, you can't decrypt from just having access to the phone.
If you mean that the wallet would be swept as soon as you send a transaction, it's the same with a card wallet.
reply
Cards key isn’t resident in memory on the phone. The encrypted hot key is, when you have the app open. They’re different models.
reply
Functionally zero difference. It's much more of a difference that you suddenly have to trust the software wallet AND the card wallet. You double your attack surface.
reply