Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source alternative to Google Play Integrity. This proprietary interface decides on Android smartphones with Google Play services whether banking, government, or wallet apps are allowed to run on a smartphone.
#1 without #2 is unsafe.
#2 doesn’t exist in android because of apps and vulnerabilities
Apple at least makes a good run at it.
Part of androids locking shit down is to try to make their own run at it.
I honestly think we’re all just going about it wrong. Make a new physical sim that is unclonable, undumpable, ultimately secure. Have it key sign financial transactions require a pin and have a physical button. If you don’t touch the button and have the pin, it won’t process a transaction.
I often wonder why physical authentication devices can’t just be a usb storage device with a physical read only switch. The user keeps it read only except when interacting to add an authetication with a provider. Of course ideal it would be in person and all services would have physical locations.
Read only doesn’t cover what’s needed. You need something that holds a keys that cannot be extracted. Ideally, the institution sends it a challenge, it signs the challenge and returns it. You need the keys not to be retrievable.