>worst device in terms of security
>easiest device to steal
>already tends to contain too much sensitive data
Banks: Let's try to base security on this thing.
@lanodan It’s especially infuriating when banks want hardware attestation of the boot chains on Android devices, so you can’t even run a sane OS on the hardware.
@lanodan sadder still is that a company here provides a system for legally binding e-signatures that is semi-backed on Android/iOS. Half of the key on the smartsteal, half of the key on their servers.
@lanodan tbh here they are decently good if you know what to use. All of our ID cards come with a couple of certificates, which is the best choice besides other dedicated devices you can get. Other kinds of it do suck more though. There's a nice writeup if you want to learn more about how it is here https://nullroute.eu.org/~grawity/pki-in-lithuania.html
And while RFID/NFC blockers do exist, auditing that they actually work well enough is a bit hard.
@lanodan Do note that while all ID cards have NFC stuff, it has nothing to do with digital signatures. It allows getting all the data printed on the card in a digital format signed with an issuer key. You do need some data from the card to read it as well, so they can't be mass harvested (the document no. and issuance date IIRC).
All the signature stuff gets handled by a separate micro-controller in a chip similar to those of a bank card. It's kind of a Javacard with custom firmware.
(ID cards are only compulsory in France so I'll wait for mine to expire and use my passport when crossing borders or for documents)