My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector. External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to Dave was to pubkey X, it’s now Y” or similar - however I favour dumb signing devices. A trusted OS would be ideal to perhaps have this security layer to keep/compare state and make it obvious/transparent - it’s just painful that we can’t trust the OS.