I don't know. I haven't personally gone through the process.
>What is the highest level of openness such a device can offer to the user, and why?
You have to follow the CDD. https://source.android.com/docs/compatibility/13/android-13-...
and you of course must pass the compatibility tests. So it can be as open as you would like as long as you do not break the android security model.
>it would be best to have an option of a completely locked down and certified hardware token, a device like a Yubikey
That approach is limiting since secrets can't be passed to the host operating system and compute with secrets have to happen on the secure device.
AKA as long as you don't give control to the user.
A system being secure doesn't mean that the user doesn't have control. The operating system should allow the user to control it, but only in a secure way that doesn't compromise the rest of the security of the system. The Windows way of having an administrator account or Linux of having a root account given to the user has been proven over time to be worse for security. Windows has been trying to roll back this mistake, but most Linux distributions don't do anything because they don't care that much about security compared to an operating system like Android.
I wanted to extract some data files from an app I was using and Google's Android told me that I was not allowed to do that. That was the apps data not my data.
It doesn't really matter root/fine grained permissions. The fact is that on stock Pixel phones the user can't access whatever data they want. So in practice they don't have control.
And the alternative is taking a picture of the QR code.
> Additionally just because someone is using a device that doesn't mean that the current user is the owner of the device.
Yeah that's why you make the owner authenticate. It would be ridiculous to use that as a reason to make escalation impossible.
Furthermore nothing prevents you from just taking pictures of the individual enrollment keys and printing those out either.
If you want TOTP 2FA that actually follows a one key per device policy you need to buy hardware tokens with some kind of out-of-band keying mechanism and enroll those. Then your problem changes from "how to stop people from copying my 2FA tokens" to "how to not get locked out of my account when my 2FA key device breaks."