You're approaching this from the idea that the impenetrability by third-parties is the primary security feature.
If this is true, then my worry isn't even about malicious attackers, it's my neighbor (with a real Mac) being able to (accidentally!) eavesdrop on my phone screen (since according to you this is the primary security measure).
It's obviously ridiculous, and the primary security measure is that there must be a prior key exchange and consent step. If that part is secure, then it would be secure against a third-party.
If that part is not secure, then no Secure Enclave-ing will help you, because worst case scenario, the attacker can just use a real Mac as part of his attack to pass the secure-enclave-protected authentication step, or just exploit the good old "analog hole" by using the real Mac as the main attack vector (and then just capture its HDMI output and feed in inputs via a USB-capable microcontroller simulating a keyboard).
If this is true, then my worry isn't even about malicious attackers, it's my neighbor (with a real Mac) being able to (accidentally!) eavesdrop on my phone screen (since according to you this is the primary security measure).
It's obviously ridiculous, and the primary security measure is that there must be a prior key exchange and consent step. If that part is secure, then it would be secure against a third-party.
If that part is not secure, then no Secure Enclave-ing will help you, because worst case scenario, the attacker can just use a real Mac as part of his attack to pass the secure-enclave-protected authentication step, or just exploit the good old "analog hole" by using the real Mac as the main attack vector (and then just capture its HDMI output and feed in inputs via a USB-capable microcontroller simulating a keyboard).