I think the idea is that you are one step removed with the private key in Alby. IE - Alby requests permission to usd your private key.
Where something’s like your initial Astral account has both your private and public keys in one “app”.
I could be totally off base on this and I’m sure someone more tech savy will intervene.
With Astral, the private key is saved in your browser's local storage, but yes, you're not entirely off base here. The main thing to worry about is XSS vulnerabilities.
Correct me if I’m wrong, is this referring to the possibility of navigating to a link outside of the app that will bring the local storage along?
Is this still possible in Android without user interaction?
