logoalt Hacker News

Retr0idyesterday at 7:21 PM0 repliesview on HN

Android Key Attestations are bound to the app that minted the key, so this does prevent a fully-functional clone from working if they use attestation during auth. But it doesn't prevent a fake app that only exists to phish credentials.