What’s to stop a malicious app developer from stealing your keys in another way? There is a fake Damus app in the Google Play store that may be stealing private keys.
Discussion
Agree. Fake android app is a big problem. Will mentioned several times that Damus does not have an android app. But new people may not know that.
I think the real solution to this is have key delegation and do not use master private keys on app or web.