If you work on mobile apps you will notice that full attestation is too slow to put in the login path. [This might be better than it used to be, now in 2026].

I don't think a good security engineer would rely on atty as "front line" anti brute force control since bypasses are not that rare. But yeah you might incorporate it into the flow. Just like captchas, rate limiting, fingerprints etc and all the other controls you need for web, anyway.

I know I'm quibbling. My concern is that a future where banks can "trust the client" is a future of total big tech capture of computing platforms, and I know banks and government don't really care, but I do.

> total big tech capture of computing platforms

Correct. And the end of ownership, privacy, and truth too. If something can betray you on someone else's orders, it's not yours in the first place. You'll own nothing and if you aren't happy, good luck living in the woods.

> you work on mobile apps you will notice that full attestation is too slow to put in the login path

Hm, Play Integrity isn't that slow on Android, from my experience.

> don't think a good security engineer would rely on atty as "front line" anti brute force control since bypasses are not that rare

I'm not privy to device-wide bypasses of Play Integrity that ship with Trusted Execution Environment (which is pretty much all ARM based Androids), Secure Element, and/or Hardware Root of Trust, but I'd appreciate if you have some significant exploit writeups (on Pixels, preferably) for me to look at?

> My concern is that a future where banks can "trust the client" is a future of total big tech capture of computing platforms

A valid concern. In the case of smart & personal devices like Androids though, the security is warranted due to the nature of the workloads it tends to support (think Pacemaker / Insulin monitoring apps; government-issued IDs; financial instruments like credit cards; etc) and the ubiquity & proliferation of the OS (more than half of all humanity) itself.

> Insulin monitoring apps

A monitoring app doesn't even interact with systems you don't own. Just put a liability disclaimer for running modified versions.

> warranted

Decided by whom? And why is Google trusted, not me? At minimum, I shouldn't face undue hardship with the government due to refusing to deal with a third party, unless we first remove most of Google's rights to set the terms.

> A monitoring app doesn't even interact with systems you don't own. Just put a liability disclaimer for running modified versions.

This is unserious when Insulin overdose can be fatal.

> And why is Google trusted, not me?

(Hardware-assisted) Attestation on Android doesn't require apps to "trust Google".

> I'm not privy to device-wide bypasses of Play Integrity that ship with Trusted Execution Environment (which is pretty much all ARM based Androids), Secure Element, and/or Hardware Root of Trust, but I'd appreciate if you have some significant exploit writeups (on Pixels, preferably) for me to look at?

Hi, you don't have to break the control on the strongest device. You only have to break it on the weakest device that's not blacklisted.

The situation is getting better as you note, but in the past the problem was that a lot of customers have potatoes and you get a lot of support calls when you lock them out.

> think Pacemaker / Insulin monitoring apps; government-issued IDs; financial instruments like credit cards; etc

I agree with you on the need for trustworthy computing. I mainly disagree on who should ultimately control the trust roots.

We can only hope they continue to be found so there would at least be a small cost for this kind of indignity.