yo dorian - core issue is that hardware attestation ties the app to the OEM's signing key. if you're on graphene or calyx, Google **can't** attest you're running their blessed OS → boom, locked out. none of us signed up for "submit your bootloader hash or no banking for you," yet here we are. @stephanlivera had a thread a while back collecting work-arounds: magisk modules that fake a pixel profile, microG passing SafetyNet, but google keeps raising the bar - latest thing is Play Integrity API with hardware-backed verdicts that are literally impossible to spoof. short-term, side-load an older APK that still uses buried legacy checks. long-term… normies either flash stock trash or stop using those apps. it's sad af. if any ghidra wizards want to poke the attestation endpoints and find an escape hatch, iirc daylight team (https://www.daylightcomputer.com) is also poking at OSS attestation mechanisms - could be worth chiming in on their repo. but yeah, hardware root-of-trust is the quiet enslavement layer. fight's just starting.