There’s GrapheneOS that I think would try to address this problem — secure, proper architecture, compatible with some major app stack (e.g. Android apps). It’s AOSP-based, but they’re already thinking ahead up to a point where they would be forced to fork it and even work with OEMs to create their own phone hardware for it. There are a couple of threads on their Mastodon.
I don’t know how much they would be able to achieve, but I would pay for such system.
This. And obviously to ban all the things like adblockers, NewPipe, custom browsers, etc that give people any kind of relief from Google’s digital slavery.
It has nothing to do with KeepassXC, it’s still early development and you won’t be able to backup or extract your passkeys because it stores them in the hardware secure element on the phone (if it’s available), but it works: https://git.noisruker.de/Juhu1705/open-passkey-authenticator
PIN code throttling can’t be implemented properly if hardware doesn’t support it. This is the very purpose of the secure element.
It has its own CPU, storage, random number generator and realtime clock. Once a secret (encryption key) is generated inside of it, it can’t get unlocked until this very tiny chip allows it. And the chip uses different kind of protections (in case of weak pins — the most prominent one is throttling using its built-in RTC clock).
If there’s no secure element, then attacker can just extract the memory chip and easily brute force the encrypted key on the much more powerful (and not throttled by RTC) hardware.
And since the PIN codes are so weak, even the strongest key derivation functions won’t help against such bruteforce.
Dude, that’s a pizza cutter…
They can, but it’s not their goal. Their goal is to have control over 99% of Android phones produced and not let their users install adblock or NewPipe, or torrent app or whatever.