
> Don't be demoralized by PTSD :)

Hah, you kidding? PTSD rules my life~

> AVF/pKVM is not security theater

I said the banking apps are full of security theater. That's why they do root checks and such. AVF/pKVM will not prevent apps from incorrectly using attestation. If there's a way for an app to check for root or any possible deviation from fully trusted and unmodified, then it will be checked by certain types of apps, like banking apps, that rely on security theater. To be clear, the checking everything possible and completely locking you out if anything is even slightly off is the security theater. Not AVF/pKVM itself.




> checking everything possible and completely locking you out if anything is even slightly off is the security theater

Sadly not the first or last time that technology is wielded imprecisely or carelessly. Improvement options include:

  1. Marketing and rewarding non-theatrical attestation.
  2. Open training content for attestation best practices.
  3. Symmetrical 2-way attestation of open components.
  4. Automated CI/CD detection of over-broad attestation.
  5. IETF or other advocacy to improve attestation protocols.
  6. Legal/regulatory mechanisms.

There's an attestation track at OC3 in 2 days, online and in Berlin: https://www.oc3.dev/speakers-and-talks



