The problem was flagged by @Scrivdotorg in Telegram.
When you backup your private keys in the app, the most common way to do it would be to copy and paste your keys, but this creates a valid concern about privacy: any malicious app could be listening to the clipboard in the background and potentially steal all your private keys, or the user could paste it wherever they think would be nice, which in reality could be dangerous.
Proposed solution
- Make instead a PDF or an image with all the keys and their respectively QR codes. This way, we’ll not be touching the public clipboard of the cellphone, and we could also incentive the user to print out the generated keys, which is much safer that what most users do: paste all into WhatsApp or some other equally unsecure or worst app.