My issue is they make the devices and OS. And I’m not sure we should (read: please don’t) trust apps directly, to be honest, as they are a target vector.
External signing devices are great. What’s missing is a layer perhaps where the external signing device says, “hey, your last message to...