At any given time when I sign a public document, the FIDO, my fingerprint is checked on my device, it’s not transmitted anywhere, it’s just on my device. The connection itself, the SIM card, is checked for integrity. The phone’s apps and so on is check for integrity. If any of these show any sign of being infiltrated, so one. The other factor still protect me, and then we can discover who’s actually meddling with my phone.