▲ | Zak a day ago | |||||||||||||
I'm pretty sure I'm against this. I could be convinced otherwise by documentation of significant fraud involving compromised devices (especially Android phones) that would have been stopped by a device attestation scheme. I should note Google has such an attestation scheme, and there are reliable defeats for it in most situations given root access. Apps have been able to insist on hardware-backed attestation which has not been defeated for some time, but that isn't available for old devices. Almost none do so. If this had a meaningful impact on fraud, more apps would insist on the hardware-backed option, but that's quite rare. Even Google doesn't; I used Google Pay contactless with LineageOS and root this week. I'm currently convinced it's primarily a corporate power grab; non-Google-approved Android won't be a consumer success if it doesn't run your banking app, and the copyright lobby loves anything that helps DRM. | ||||||||||||||
▲ | ulrikrasmussen a day ago | parent [-] | |||||||||||||
Also, online banking has been a thing for so long on PCs which never had that kind of remote attestation. I also do not believe the security argument, but I believe that the banks believe it. | ||||||||||||||
|