It may theoretically be a false assumption but in practice it’s really not. The MitID identification and signing framework of Denmark, and many other similar systems across the EU, is based entirely on “the device is personal, access to it is limited and the secure enclaves within them are trustworthy”.
You are correct that this framework is not designed for anyone who wishes to root their device or install a custom OS. In other words, it cuts out 0.00000000001% of the population. The colour of the app has a bigger impact than “oh no! We can’t support rooted devices”.
It may theoretically be a false assumption but in practice it’s really not. The MitID identification and signing framework of Denmark, and many other similar systems across the EU, is based entirely on “the device is personal, access to it is limited and the secure enclaves within them are trustworthy”.
You are correct that this framework is not designed for anyone who wishes to root their device or install a custom OS. In other words, it cuts out 0.00000000001% of the population. The colour of the app has a bigger impact than “oh no! We can’t support rooted devices”.