[Avamander]

Once SafetyNet was brought to Android a decade ago the tendency has been clear - these freedoms are going to be restricted heavily.

Because how do you make sure it's the user who does those modifications, willingly and well-informed? That it's not a malicious actor, not an user getting socially engineered or phished? Incredibly difficult compared to the current alternative.

If it's not a software root of trust that provides an attestable environment like Android or iOS. It's going to be a hardware root of trust that provides an attestable hardware environment, like SGX. I can predict no other practical avenue taken. Unless the orangutan really forces a demonstration on how untrustworthy these environments can be and a lot of money and effort is spent.

[lvass]

You can maybe, trust the user to handle it's own certificate in their own devices? Though I admit requiring attestation is probably a good default.

[Avamander]

One important feature of a legal ID is that it's hard to copy, so attestation from the hardware storage would have to be basically mandatory.

But yeah, the user could have a choice to this extent.

[dns_snek]

You can attest that cryptographic key material is safely stored without attesting that their operating system and software running on it is all government-approved.

That's what smartcards like Yubikey do, my government certificate is on it and it can't be exported. They could attest that but beyond that, the operating system of the host device is none of their business.

[Avamander]

> You can attest that cryptographic key material is safely stored without attesting that their operating system and software running on it is all government-approved.

There's no proper way of doing so on Android.

Some countries, like Estonia, are providing their own SIMs to solve this problem. That indeed works. Unfortunately phones are being made that are eSIM-only and certifying eSIMs to the same EAL level is near-impossible.