I don't know about the Android apps, but on iOS, the dialogue prompts for the pin when using a security key.

This is not the case on the website, and in my opinion, requesting the pin only makes sense when the key is the only factor, in Proton's case, the user's password is already required.