
Neither Google nor Apple have root access on a Yubikey, nor does that key have some sort of wireless transmitter included which would allow for unnoticed data transfer to or from the key.

Furthermore, it is nowadays largely trivial to set up sandboxing within a single user (using SELinux, AppArmor or whatever else) or to use multiple users and classical privilege separation to achieve the same effect.

It is also telling that your "Threat Models" in the link above do not discuss attacks against the phone at all.

Edit to add: You currently also do not have the ability to use my keys. If I were to install the app (and set it to auto-update as suggested so vigorously elsewhere), all it takes is for a tiny little update by you with no public oversight to own every server I have access to. How is that possibly improving security?!




Thanks for the one sane post in this thread, as opposed to the iPhone is more secure than your Linux desktop FUD that tptacek seems to be spreading here.



