I saw a video on Twitter where somebody ported Krux to run on an Android phone, and my jaw dropped.
Simply as an app running on good ol' Google Android or actually replacing the OS and running
only Krux without networking and other attack surfaces?
The hardware is perfect for this sort of thing.
Not really; these devices are not meant to be programmed on a low level like the microcontroller in something like M5StickV.
Therefore you're usually restricted to running apps on top of a potentially highly insecure operating system, with connectivity and networking features built-in that offer zero advantages for a hardware wallet, meanwhile opening more attack surfaces.
Unless you can fully replace the operating system with a custom firmware, it would be a very bad idea to repurpose an old phone for this.