But then to save cost including the support cost banks stopped and instead started to require a non-rooted Android/iPhone.
But I think there are still cell operators without sim card
I feel like this is getting to the point of gaslighting. Many of the allowed devices are bargain bin Android phones running out of date software with known vulnerabilities in both the operating system and the hardware which is supposed to be protecting the keys.
Meanwhile you could be using a hardware security module in a bank vault in a nuclear bunker surrounded by armed guards and the excuse would be that this "isn't secure" because it hasn't been approved by Google or Apple.
Governments shouldn't be requiring you to use any specific vendor or set of vendors. They should be publishing standards so that anyone who implements the standard can interact with the system.
Yeah you could, but most people won't
Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
When something is required by law, it needs to work for all people.
It also specifically needs to not entrench incumbents by impeding the ability of challengers that don't currently have market share from ever getting any.
> Should they allow for a yubikey on a non-google phone? Or your own private key? Yes they should. But then there's the issue of enrollment, etc.
There is no such issue because enrollment should be part of the standard so any device that implements the standard can be enrolled.
No I do not. It is plenty secure compared to a corporate version and nobody should be legally able to deny service over me having control over my own computer.
Needing the entire OS to be secure to protect a key is also a dumb idea in general.
This is the final step in the road to full remote attestation, thankfully PCs already come with Microsoft Pluton chips[1] to make it easier.
[1] https://learn.microsoft.com/en-us/windows/security/hardware-...