The unrestricted access to the child account is still the toughest struggle for me with Hybrid Custody. Although it’s great in practice, the app custody model is now responsible for a lot more in a hybrid system. In the past, the app could, like Dapper Wallet, restrict certain transactions from running. This means that I can prevent someone from having real usable Flow, FUSD, etc in this app wallet and have it be a limited, app-only wallet.
With unrestricted access, this child wallet can now literally be used for anything the main account wants to do. I can move Flow into it, out of it, etc. One thing we do is top off Flow for users - now the parent account can just use this as a way to accumulate flow by withdrawing this topped off Flow. In the world of running an app wallet, my life actually just got a lot more complicated. Really, the parent account could just use these app wallets as ways to move money around, etc and now my app wallets would also be at risk for usage in all of this.
Again, we’d absolutely love a limited way to hybrid link, but an unlimited way still feels challenging to use in practice, where the app now takes on a lot more risk for how these wallets can be used. If it was limited in some way, i.e. to a storage path, a set of capabilities, etc we’d be able to control the risk much more easily.