The whole setup is only secure if the phone is secure. One malicious keyboard app and the key is leaked, and now there is no security left at all.
I think such a design is only safe to human-life standards if all possible signed messages (ie. All possible messages the app could send) would be safe for the user.
I think such a design is only safe to human-life standards if all possible signed messages (ie. All possible messages the app could send) would be safe for the user.