"strong integrity" also takes into account if a security update has been installed recently enough. I don't believe hardware integrity spoofing has been accomplished on Android yet. Software integrity and compatibility with old hardware has been used to spoof device IDs and pretend a phone doesn't have the ability to do hardware attestation.

It's technically possible to exploit a kernel and get root access on a running device, of course, but the persistent root that is used most often will be detected by hardware integrity mechanisms. Exploit based root might be as well if it makes itself detectable enough.

[delayed]

> "strong integrity" also takes into account if a security update has been installed recently enough.

My Galaxy S10, last update in 2023 passes strong integrity.

With the little amount of security updates most Android devices have, I'm pretty sure you can find an exploit for pretty much everything except the most expensive flagships.

What does integrity really means when nobody really knows what's in the device and with a terrible software update policy anyways.