That has happened in 2019, do they still suffer from the same problem? Btw they removed the support of AOPP but yeah, what you say about them is true.
It's interesting to know what you think about Coldcard or do you think that no hardware wallet is trustable and airgapped encrypted devices are the only last and one devices to use.
As I said, the vulnerability is unfixable. It still exists and will always exist on these devices. Coldcard is certainly airgapped, but it is not open source as Pmalek points out and the company behind it spread lies about competitors for their own gain. I personally wouldn't use it.
If I had to buy a hardware wallet right now, I would buy a Passport. But I'd much rather continue to use a separate airgapped, encrypted device, running a FOSS OS and wallet.
Coldcard changed their license from GPL to MIT+CC because The passport foundation forked a FOSS firmware base from Coldcard and this made them very upset. The fact is, Coldcard is the true creator of the most secure firmware model. Coldcard is not FOSS but it's still open source,
anyone can view the code. While Passport did everything legally, I totally understand the anger from Coldcard's side but for justice, it should be said: Coldcard copied Trezor too when they appeared on the market.
By the way, I would stick with Coldcard. For people that want more user-friendly device, PP can be an option.