It certifies devices running on Oreo (because vendor didn't provide updates),meaning there are almost infinite vulnerabilities that will allow to leak the keys.