Couldn't an attacker just swap someone's phone for another with the current security model and it would be the same situation you're describing?
Couldn't an attacker just swap someone's phone for another with the current security model and it would be the same situation you're describing?