- Stores their security credentials for critical sites (banks, HR/payroll, stores, govt services, etc.)
- Even if not, has unfettered access to their primary email account, which means it can autonomously initiate a password reset for nearly any site
- Is their primary 2FA mechanism, which means it can autonomously confirm a password reset for nearly any site
That's an immense amount of risk, both from apps running on the device, and from the device getting stolen. Both of the measures I mentioned are directly relevant to these kinds of threats. And, as I already said, Android has adopted these same security measures as well.
I have no idea what you are trying to say in the context of the thread. Hardware security is important for all of that and security measures have to evolve over time.
- Stores their security credentials for critical sites (banks, HR/payroll, stores, govt services, etc.)
- Even if not, has unfettered access to their primary email account, which means it can autonomously initiate a password reset for nearly any site
- Is their primary 2FA mechanism, which means it can autonomously confirm a password reset for nearly any site
That's an immense amount of risk, both from apps running on the device, and from the device getting stolen. Both of the measures I mentioned are directly relevant to these kinds of threats. And, as I already said, Android has adopted these same security measures as well.