An SD card in a card slot can only be accessed as a mass storage device.
A USB drive can act as a mass storage device as well as a keyboard and mouse and even contain an entire OS on it that could be remotely accessible via WiFi.
fwiw, it is most definitely possible to build an sd card that can exfiltrate its own data over wifi. in fact, that was the entire point of the Eye-Fi[0] product (though not with any nefarious intent).
though granted that's still a way smaller attack surface than what would be typically granted to a usb device.
I had forgotten entirely about Eye-Fi. Excellent point!
When it comes to physical access, especially with shared physical devices, there's always going to be some type of attack vector, however small it may be.
SDIO would suggest otherwise, though I have no idea if Android supports it, and what drivers would hypothetically be required. Niche, but might be possible.
An SD card in a card slot can only be accessed as a mass storage device.
A USB drive can act as a mass storage device as well as a keyboard and mouse and even contain an entire OS on it that could be remotely accessible via WiFi.