Yeah, enforced by Block. So there'd have to be a bad actor at Block getting access to the key somehow or some hacker that accesses it. Or a bug of course. I'm sure they'll have some kind of "X sats per day" thing as well. So if someone does get ahold of your device they won't get more than X.

I'm 99% sure there'll be a button in the app that lets you freeze the signing as well, would ben uts if they didn't have something like that.

I think this is a great step towards safer mobile wallets. The dream would be if they also open sourced it and made it easy to self-host so you use your own "Block" server.