I do not own a Ledger or Trezor though, as I prefer all of my hardware wallets to never be connected to a device while the device is connected to the internet.
There is no requirement for a Ledger or Trezor to be connected to an internet enabled device. You can use your hardware wallet to set up a wallet using a client such as Electrum on a permanently airgapped device, and then also use Electrum to create a "watch only" wallet on an internet enabled device. Create a transaction on the internet enabled device, transfer it the airgapped device, plug in your hardware wallet to sign it, and then transfer it back to your internet enabled device to broadcast it.
Yeah, I know. I just wanted to make it easier for the non-tech people around me. It is a pretty slick little device and I did update the firmware only once when I got it. I used an online device to download the firmware and then I copied the file to a airgapped device and then connected the wallet to the airgapped device to copy the file to the wallet. Then I installed the update via the wallet interface after disconnecting from the airgapped device. This might be a little overkill, but it was fun.
Shoot, I didn't even let the device create the wallet for me since I restored an existing wallet, all while offline. I do have one disclaimer though, I have only sent bitcoin to it and I have not used the wallet to send any bitcoin. I guess if all of my bitcoin disappears after I send some, then I'll know this wallet isn't any good. The only way that I could think that could happen though, is when I'm am scanning the QR code on the wallet with the Safepal app on my phone and it somehow transmits my seedphrase/private keys through the QR code to the app and sends it to hacker.
But shouldn't I be able to scan the QR code with a different device to see what it is transmitting and be able to see if it is transmitting my seedphrase?