They actually already do in the EUDI wallet reference implementation. There, as this is part of a more general ID system, they probably want to prevent people from duplicating or exporting IDs.
In the case of a privacy-preserving age check, the fear could be that a copied private key could be enough to generate unlimited age proofs, indistinguishable from the original app instance.
In another thread someone gave an even lazier argument: the EUDI wallet requires hardware-backed keys by law regardless, and the laziest implementation would be device attestation...