The thing is, if they did what they said they did (seed stays on device) they could be quite cool. Like turning phones into hardware wallets.

BUT, they have a “sync” feature in which the content is encrypted so that it can be sent to another device. This would be OK if the encryption key was known only to the recipient device…

BUT, the encryption key is actually your PIN. The intermediary (Apple, etc.) holds the “encrypted” payload, so that if you lose your phone, you can get a new one, download the encrypted passkey DB, and decrypt it with your same PIN.

This search space is incredibly tiny (4-6 digits). So any attacker with access to the encrypted payloads can easily brute force it to get everything. So the security of your sync’d passkeys is entirely reliant on the intermediary.

It’s “trust me bro” security masquerading as sovereignty.

Discussion

It should be better with password managers like 1Pass, no?

I don’t know. I haven’t studied password managers.