
Evidence related to Swedish BankID

When a person signs or identifies themselves with Swedish Mobile BankID, note that the IP address reported in column three of the evidence log pertains to the device displaying the agreement, not the IP address of the mobile phone or tablet where the Mobile BankID is utilised.

In column four we see the text shown in the BankID app, making it clear to the signing party that they are signing a document. Also, the name of the person whose BankID is used, their personal number and the IP address of the mobile (or other) device that ran the BankID app are shown.

In this particular case (see image), the IP address in column three is the same as the one in column four. This indicates (but does not make 100% certain) that the mobile device and the device that showed the agreement were close to each other, or maybe even the same device. But remember: a single IP address may be shared by an entire city.

The “Signature” text contains the certificate chain for the BankID. It can be decoded to show the issuing bank, the validity dates of the BankID and what kind of BankID it was.
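The decoding described above, as an added example that is not from the original article or the signing service: it assumes the "Signature" text is the base64-encoded XML-DSig blob that BankID returns, with the chain in `X509Certificate` elements, and it uses the third-party `cryptography` package. The function names, the sample names and the sample policy OID are constructed for illustration; real policy OIDs are mapped to the kind of BankID using BankID's own documentation.

```python
import base64, datetime
import xml.etree.ElementTree as ET
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

DSIG = "http://www.w3.org/2000/09/xmldsig#"

def _date(cert, name):
    # The *_utc accessors exist from cryptography 42; fall back on older versions.
    value = getattr(cert, name + "_utc", None) or getattr(cert, name)
    return value.date().isoformat()

def describe_chain(signature_b64):
    """Issuer, subject, validity and policy OIDs for each certificate in the blob."""
    root = ET.fromstring(base64.b64decode(signature_b64))
    chain = []
    for el in root.iter("{%s}X509Certificate" % DSIG):
        cert = x509.load_der_x509_certificate(base64.b64decode(el.text))
        try:
            ext = cert.extensions.get_extension_for_class(x509.CertificatePolicies)
            policies = [p.policy_identifier.dotted_string for p in ext.value]
        except x509.ExtensionNotFound:
            policies = []
        org = cert.issuer.get_attributes_for_oid(NameOID.ORGANIZATION_NAME)
        chain.append({
            "issuer_org": org[0].value if org else None,   # the issuing bank
            "subject": cert.subject.rfc4514_string(),
            "valid_from": _date(cert, "not_valid_before"),
            "valid_to": _date(cert, "not_valid_after"),
            "policy_oids": policies,                       # indicates the kind of ID
        })
    return chain

def make_sample_signature():
    """Constructed input: one self-signed certificate with made-up names and OID."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.ORGANIZATION_NAME, "Example Bank AB")])
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Test Person")])
    policy = x509.PolicyInformation(x509.ObjectIdentifier("1.3.6.1.4.1.99999.1"), None)
    cert = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer)
            .public_key(key.public_key()).serial_number(1)
            .not_valid_before(datetime.datetime(2024, 1, 1))
            .not_valid_after(datetime.datetime(2026, 1, 1))
            .add_extension(x509.CertificatePolicies([policy]), critical=False)
            .sign(key, hashes.SHA256()))
    der = base64.b64encode(cert.public_bytes(serialization.Encoding.DER)).decode()
    xml = ('<Signature xmlns="%s"><KeyInfo><X509Data><X509Certificate>%s'
           '</X509Certificate></X509Data></KeyInfo></Signature>' % (DSIG, der))
    return base64.b64encode(xml.encode()).decode()
```

This only reads the certificate fields; it does not verify the XML signature or validate the chain against a trusted root.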

Evidence of intent and "BankID on this device"

The Evidence of Intent file normally contains images of what the signatories saw on their screen. As this is a client-side script, it is sometimes impossible to capture a screenshot due to browser settings or browser bugs.

One particular thing that can be determined from screenshots (at least from 2017 and later) that show the actual signing view (not the top of it) is whether BankID was opened on the same device or not, by looking at the check mark next to “Open BankID on this device”. The box is usually checked when a document is both viewed and signed on a mobile phone (see image).

When viewing on a computer and signing on a mobile device, the checkbox will be unchecked. Note that there are BankIDs that work on a computer as well – a dongle with a card reader or a software BankID for example. But it is possible to determine the type of BankID from the Signature in the Evidence Log. One can also guess the type of device used based on the size and proportions of the image. In the example (see image), it looks a lot like a mobile phone in size.