Isn’t a “yubikey built into a phone” just equivalent to a password manager? What threat is actually prevented by that? You have to have some way to sync the “yubikey” so that the phone can be restored if it is lost.
Not necessarily - it could be the Secure Enclave thingy and yes, if you lost your phone it would be like losing your yubikey, but the goal would be to get more support for yubikey like things.
The point is people don’t buy just one yubikey. You are supposed to buy them in pairs at least. So whatever you put in a Secure Enclave needs cloud backup for normal people to be able to use it, at which point it’s not functionally a yubikey anymore.
