Neither Google nor Apple have root access on a Yubikey, nor does that key have some sort of wireless transmitter included which would allow for unnoticed data transfer to or from the key.

Furthermore, it is nowadays largely trivial to set up sandboxing within a single user (using SELinux, Apparmor or whatever else) or to use multiple users and classical privilege separation to achieve the same effect.

It is also telling that your "Threat Models" in the link above do not discuss attacks against the phone at all.

Edit to add: You currently also do not have the ability to use my keys. If I were to install the app (and set it to auto-update as suggest so vigorously elsewhere), all it takes is for a tiny little update by you with no public oversight to own every server I have access to. How is that possibly improving security?!

From your blog:

  If you have a passphrase encrypted key, you can see this for yourself:

  $ eval `ssh-agent` # make sure an empty agent is running
  $ ssh user@server  # enter passphrase on first login
  $ ssh user@server  # passphrase no longer needed

This is wrong. Keys not added explicitly with `ssh-add` to ssh-agent will not be available unless you explicitly enabled AddKeysToAgent in ssh_config. [0]

Forgetting something like enabled config options is nothing uncommon for a user, but it doesn't exactly speak well for a company making an ssh-agent alternative as a product. Also I tend to agree with the poster adjacent to me which emphasized the inadequate threat model analysis in your blog post, including entirely ignoring or failing to address critical points.

[0] https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion...

Some distros do this automatically for you. I know macOS did until the recent major update.

I also share the opinion that the threat model is flawed, biased. You define it "deep dive" but you didn't even scratch the surface of the issue.

> At the core, phone operating systems are built with better sandboxing than their desktop counterparts. This is why security experts like Matt Green recommend phones for your most sensitive data.

Having a better sandboxing is not the same as having a "safe sandboxing". How secure is the application once an attacker is able to compromise the sandboxing?

IMHO the rest of the threat model "deep dive" has no value once we take that attack scenario into account.

What about a non-dictionary based 20chars password protecting your private key, or storing your SSH key on an OpenPGP Smartcard in a USB token, a Yubikey or a Nitrokey (www.nitrokey.com)?

I believe that it would be much more secure than application whose security model is based on the sole sandboxing.

My phone has been on so many more networks, does not get properly updated, and is just a personal device that I use for lots of stuff and trying out lots of apps. My laptop consists of 98% software from repositories, has disk encryption, is updated very frequently, and has perhaps 2 or 3 applications from outside of the repos.

A phone is much more prone to theft and I don't password protect it because if I'd have to input a 10+ character random password every time... I might as well not have a smartphone but just pull out my laptop every time. Since I carry it around all the time, there is little opportunity for unauthorized access...until it gets stolen. And then I don't want to lose all access to my infrastructure.