It’s about trust and not “how they work in theory”. 1Password isn’t a proper, it’s a proprietary solution. Especially because I know there are apps that are capturing screenshots and syncing more than crash analytics, I didn’t trust closed source software with my most sensitive data. Some of them are sniffing all the way and we have no real security in terms of “integrity”. They are telling me something about encryption but can’t prove to me and others a “proper” implementation of their mathematics.
In addition, I was an “Apple software” / App Store developer some time ago. Have a closer look at their developer program contract at the section about software im/export. There was an interesting and scary rule to only use “governmental approved” encryption technologies. Developers are not allowed to use their own implementation without permission. Why do you think that is so?
Last but not least, mobile phone users usually don’t have a deeper software understanding and no traffic analysis tools like Little Snitch to block outgoing connections. In this case, this would be a real security & trust benefit.
But I’ll see, you guys have other priorities. I’ll just say, there is a usability issue between the official app and the mail login procedure. As far as I know, the universal link solution I’ll recommend to you is very simple and could address this gap. If you don’t have time for that, it’s okay for me.
But please don’t say to me I should trust 3rd parties with my most sensitive data. I won’t.
I like the OTP link solution. This is a great idea of 2FA made easy. If someone gets unauthorized access to my mails, I would notice and prevent that for sure.
But if someone finds a way to jailbreak / root my mobile device remotely and there might be spying options and key loggers implemented, I’ll never notice that, until it’s too late.