[nerdsniper]

Superficial spoofing is pointless - any app that cares would just use the Play Integrity API (which can't be spoofed by GrapheneOS).

0: https://developer.android.com/google/play/integrity/overview

[asdfsa32]

And lets not forget how pointless Play Integrity is for what it is being touted to be for, when there is millions of "Certified" devices ready for us by shady people via clickfarms.

[nerdsniper]

Well, those don’t have modified critical OS components or modified app binaries. So Play Integrity works for that at least.

[asdfsa32]

Unless the app has certificate pinning, the modification of app behaviour is also not guaranteed. Really, it is just a pointless exercise for most of the use cases.

[nerdsniper]

Any app using Play Integrity uses cert pinning. I wish play integrity was just theater, it would make my business a hell of a lot easier.