The only secure way I can think that this would work, is with premade paper wallets made on an offline machine, by the app company you are using (or 3rd party), with full KYC already done.
The company makes these paper wallets on an air gapped pc, in a secure location, with the public key transferred into the live system via a usb key (a new usb key is used each time an allotment of new offline public keys are required).
When a new user downloads the app and installs it, it gets automatically tied to this additional offline public addy, and a user could send to this addy ('device tied' and 'username tied'), in the event of a possible compromise.
In the event of a compromised device, the user would sweep their balance into this offline wallet addy, then they would apply to have the offline paper wallet snail mailed to themselves.
This would require full KYC at the point of setting up the wallet app the ability to use this offline wallet, so maybe would only be a long term goal for a company like handcash. But it would be do-able I think.
It would also require a full KYC for a recovery of the wallet via snail mail.
---
There is an alternative to having to do full KYC by the app company though... (cont)
The only secure way I can think that this would work, is with premade paper wallets made on an offline machine, by the app company you are using (or 3rd party), with full KYC already done.
The company makes these paper wallets on an air gapped pc, in a secure location, with the public key transferred into the live system via a usb key (a new usb key is used each time an allotment of new offline public keys are required).
When a new user downloads the app and installs it, it gets automatically tied to this additional offline public addy, and a user could send to this addy ('device tied' and 'username tied'), in the event of a possible compromise.
In the event of a compromised device, the user would sweep their balance into this offline wallet addy, then they would apply to have the offline paper wallet snail mailed to themselves.
This would require full KYC at the point of setting up the wallet app the ability to use this offline wallet, so maybe would only be a long term goal for a company like handcash. But it would be do-able I think.
It would also require a full KYC for a recovery of the wallet via snail mail.
---
There is an alternative to having to do full KYC by the app company though... (cont)