With Ledger, the private keys are never exposed to the OS. Transactions are signed by the hardware, which requires physical confirmation. So, in principle, the OS of the computer could be compromised and it would not make a difference. With an app, I do not think that is the case. If your phone is compromised, transactions only need to be signed by software, which should be easy to do if the attacker is controlling your phone remotely.
If you have physical access to the Ledger, you have 3 goes at an 8-digit PIN, or it will wipe everything. You can have 2 different levels of 24-random-word passphrase (or 24 plus one secret), allowing for plausible deniability and giving you a minimum of 2 wallets for each currency (of which one is deniable).
Phones are inherently insecure, computers as well, but phones lag in security. Shapeshift, whilst useful, is not really a good long-term way to change between currencies. Unless you are using it for anonymity, but then that is compromised by using a software wallet on your phone!
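The "24 plus one secret" arrangement in the comment above can be seen in how BIP39 turns words into a wallet seed. This is an added example, not part of the original post or Ledger's own code; it assumes the device derives seeds per BIP39 and master keys per BIP32, and the sample phrase and passphrases are constructed.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public all-zero-entropy test phrase.
# It is widely known, so it must never hold real funds.
SAMPLE_WORDS = " ".join(["abandon"] * 23 + ["art"])


def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed):
    """BIP32 master node: left half is the private key, right half the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallets_for(mnemonic, passphrases):
    """Map each passphrase to the master private key (hex) it unlocks."""
    return {p: bip32_master(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


if __name__ == "__main__":
    # "" is the plain 24-word wallet; the second entry is a hypothetical secret.
    # There is no "wrong passphrase" error: every string yields a valid wallet,
    # so nothing stored with the words reveals that a second wallet exists.
    for phrase, key in wallets_for(SAMPLE_WORDS, ["", "hypothetical secret"]).items():
        print(repr(phrase), key[:16] + "...")
```

Because any passphrase produces some wallet, a typo silently opens an empty one, so the passphrase needs the same backup care as the 24 words.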