do you know if is this even a problem?

im assuming if you are using a foss client it can be verified how the client stores your key and make sure it doesnt leave your device. or is it the OS (android and ios) that we are worried about?