Comment by bossyTeacher

The issue here is the Google-only remote attestation nonsense. It seems pointless to me. A device passing Google's attestation check tells you nothing. The device could well have malware on it and you won't know it. Integrity is a misnomer. The integrity scope is tiny.