Yes it is as good as a hot wallet by a reputable company (also regulated company).
The one thing it gives you is that you have physical control over when it signs. It can't do things unless you prompt it to do so. It can't do it because a hacker told it to, it can't do it because it is malicious, but yes, it isn't nearly as secure as one with a display.
Right I see the use to compensate for the lack of a built-in secure enclave (like most PCs), so it can't be high jacked from working memory by other malicious software 👍
I don't know enough about the secure enclave situation, or more specifically, the secure element in many modern smartphones.
1. Is it in many or just a few like the Google pixel?
2. Does software like BlueWallet use it?
3. How does it really keep data secure from malware? Does it limit access to the specific apps that created the data? Is there reliable anti-spoofing?
For apple, the enclave requires a faceID proof before it'll sign. But, afaik no btc wallets use them because the curve the enclave supports is secp256r1 (whereas bitcoin is k1).
I heard op_cat provides enough account abstraction to make it work, but, have not looked into if that's true or not.
