No, they’re absolutely not. Check out tricky store and play integrity fork to see how we’re faking a trusted environment on custom and rooted roms. You can pass new basic+device integrity (equivalent to old strong) with a valid unrevoked keybox on A13+ and strong on <A12.
It’s a new stage in the arms race for sure but it’s still possible to bypass until all of the keys used to sign keyboxes are revoked.
Edit: the device fingerprint is just as important as the keybox too, either can cause you to fail integrity checks. It’s way more annoying to manage than the legacy “just flash PIF” bypass ever was.
It doesn’t make it “tricky”, it makes it impossible.
Stares at rooted A13+ phone passing 2/3 new integrity checks
It’s possible, but it’s annoying.
Those are the wrong integrity checks
No, they’re absolutely not. Check out tricky store and play integrity fork to see how we’re faking a trusted environment on custom and rooted roms. You can pass new basic+device integrity (equivalent to old strong) with a valid unrevoked keybox on A13+ and strong on <A12.
It’s a new stage in the arms race for sure but it’s still possible to bypass until all of the keys used to sign keyboxes are revoked.
Edit: the device fingerprint is just as important as the keybox too, either can cause you to fail integrity checks. It’s way more annoying to manage than the legacy “just flash PIF” bypass ever was.
Troja has been impossible to conquer. Until.