If you setup the software wallet on the mobile phone you still expose the mnemonic recovery words on a potentially very unsafe environment. I can't say much about iOS as I'm not interested in the golden fenced fallen fruit products.

App data isolation should be good enough on iOS and Android. The Electrum Android app does a good job on data entry security as it uses an own specialized built-in keyboard to avoid leaking sensitive data to a potentially malicious keyboard app (doesn't need to be malicious, it's bad enough if it leaks any details a user enters via the installed keyboard app).

I don't trust the security of mobile phones when I see the monthly patches and security issues published. And with increased AI shit, it won't get better, for sure.

Watch-only wallets on mobile phones: not much of an issue with that. You can't loose private keys, you can only loose some privacy.

I limit the amount of value in mobile phone wallets that can spend funds to a maximum of very low three digit $$$ value. I won't be happy to loose that, but I could afford it, worst case.


Sure, if someone insists to use more value in a spendable mobile phone wallet, do yourself a favour and get a decent open-source firmware hardware wallet. Much safer than any software wallet (unless properly air-gapped cold software wallet) and definitely worth the expense.