@mgiuca > Are you suggesting that Web Payments shouldn't need to verify the payment app because additional verification would take place while completing the payment flow? What I'm saying is that the potential problem is (or should be at least) addressed during payment credential enrollment which is out of scope for this WG as far as I can tell. That is, banks do not want to deploy their precious keys in arbitrary apps which is why Android provides isolation features like: https://developer.android.com/training/articles/keystore.html -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/webpayments/issues/225#issuecomment-290317586Received on Thursday, 30 March 2017 06:45:27 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:43:24 UTC