Yea I think Android might have the option to use Amber, or whatever the signing app is. Assuming Amber and the Amber dev isn’t stealing your nsec, that’s probably the better option but you still have to have at least that much trust.