I knew that as soon as the first hardware wallet came out. Does anyone here know any actual attack vector that could be used on Android to compromise the seed phrase when it's being entered or stored? If I am using Yoroi on a clean Android, what should I do to have it compromised?

That's difficult to say.. compromised could be even losing your phone, or someone watching you type your spending password and then stealing your phone. Also remember people have unlimited attempts at spending password if someone gained access to your mobile. These days mobiles are genuinely quite secure. But I think the bigger question would be, is the cost of a hardware wallet to add security to your funds worth it. Private keys and seed words security are more important than the funds itself. Simply because access to them would give unconditional control over funds in that wallet.