1. Someone could set up a server that proxies WEI required requests to regular clients. The client initiates the process, the request goes to the middleman, the middleman makes the proper WEI authorized request, gets the response, passes the response back to the client.
2. The private key could leak somehow, and so, software can forge the required signature.
I'm not holding my breath for either one. Some kind of regulation has to step in, otherwise Google puts the internet in a chokehold.
My guess is that on desktop, the endgame will involve implementing Easy Anti-Cheat levels of anti-tampering into the browser to prevent anyone from proxying through an automated Chrome instance or whatever. On Android, Google already has SafetyNet or Play Integrity, they can already refuse if the app or operating system has been modified
1. Someone could set up a server that proxies WEI required requests to regular clients. The client initiates the process, the request goes to the middleman, the middleman makes the proper WEI authorized request, gets the response, passes the response back to the client.
2. The private key could leak somehow, and so, software can forge the required signature.
I'm not holding my breath for either one. Some kind of regulation has to step in, otherwise Google puts the internet in a chokehold.