I'm not a huge fan of BankID either, but a few corrections/clarifications:
1. BankID has always allowed different settings for login and for signature. I have done that since forever. For example, I configured login to allow biometrics but not signature. If it's forcing me to enter the security code, I know it is a signature, which forces me to pause. I cannot sign anything by mistake (like a transfer) because I'm forced to enter my long security code to complete it. And for the much more frequent scenario of pure logins, I can just use my finger.
2. I believe it does use the hardware-backed keychain if the device has one. I cannot prove it as the source code is not available, but I remember being curious and checking this on a rooted device.