alt Hacker NewsIs this not easily patched by the provider encrypting and signing the whole payload? I would have thought that would be table stakes for an identity provider.
Is this not easily patched by the provider encrypting and signing the whole payload? I would have thought that would be table stakes for an identity provider.
The identity provider is on-device and has to run on phones which don't do hardware attestation.