by tourmalinetaco 1111 days ago
> you’d need an actual OS exploit

Not necessarily; for instance, 3rd party keyboards like Grammarly are keyloggers by their very nature. They grab your input, process it, and give output in terms of grammar corrections. And a rogue app update can absolutely do the same.

> And how do you make sure that that doesn’t come with a keylogger

The same way you verify anything is what you want and stays that way, MD5/SHA256 hashes and airgaps.

1 comments

It's possible to disable third party keyboards for sensitive data entry at least on iOS. Not sure if the same is possible on Android – worst case, a wallet could just provide their own keyboard/passphrase entry method.

> The same way you verify anything is what you want and stays that way, MD5/SHA256 hashes and airgaps.

How do you determine a given hash to be trustworthy? And how do you know you can trust your `sha256sum` implementation?

You're always trusting someone. Any security analysis pretending otherwise is worthless.