Comment by baq
21 days ago
> or even visit their bank's website using a browser
when desktop browsers are considered less trustworthy to the bank than mobile apps (this is approximately now) they'll invert the functionality and limitations surface so mobile will have more authorizations than desktop browser (this is also happening now).
client attestation is a fundamental transfer of freedom from the client to the server. it's nice in theory (I too want my money safe), but at the very least it needs a third party with different incentives, not the OS, hardware and browser vendor.
Yes, you already need the app to accept flagged transactions (that the bank didn't deny outright) for my Bank, no way to do that in a Browser.