[fc417fc802]

Yes, a user could intentionally do something stupid. A user could also voluntarily wire the majority of his balance to a foreign account. That fact has no bearing on a discussion about the security impacts of attestation.

From a technical perspective device attestation doesn't add anything here. The typical user doesn't receive any additional protection. All of its supposed "benefits" ultimately stem from the restriction of end user choice but those same end users _already_ have a practically limitless selection of stupid choices available to them. And these are generally very deliberate choices that we're talking about here. Not subtle confusion.

> the majority of users have no clue what an app is able to do. If root is given to it then it can do anything.

If a user is stupid enough to seek out root, ignore all warnings, install a malicious app, and explicitly grant it root, then he was fated to fall for a much simpler scam regardless. Such as granting a malicious app admin on his laptop and then logging into online banking. Or installing a phishing app that proxies the session to the bank.

Typical users don't seek out root, don't install custom ROMs, and don't consent to the warning message about installing APKs from unknown sources. Grandma isn't ricing her mobile phone.

Support for hardware tokens or TOTP would address widespread real world attacks. Shutting down various customer service social engineering account reset tactics would also help, but that would actually cost money. In contrast attestation doesn't accomplish anything other than infringing end user choice. It's a highly unethical waste of resources.