The private key used for attestation is stored in the secure element hardware, which runs its own OS, completely inaccessible to the main hardware's OS, even with root.
Some apps don't actually check the attestation signatures, so they could be spoofed for now, but if spoofing became common, apps would just get strict about checking attestation.
The private key used for attestation is stored in the secure element hardware, which runs its own OS, completely inaccessible to the main hardware's OS, even with root.
Some apps don't actually check the attestation signatures, so they could be spoofed for now, but if spoofing became common, apps would just get strict about checking attestation.
Parts of it are, parts of it aren't. Some of it is based on hardware attestation.