https://bmi.usercontent.opencode.de/eudi-wallet/wallet-development-documentation-public/latest/architecture-concept/06-mobile-devices/02-mdvm/

@pojntfx what bothers me more is that they appear to forbid OS downgrades

@pojntfx reading the documenta I don't think so... At least as far as I understand they list the available signals and then they state whether these signals are used in the rightmost columns. And the play integrity related signals are listed, but mostly unused, apart from SDK version and whether there are apps that may capture content from the verification app. To quote their description of device integrity:

> rooting via unlocked bootloader, unknown system image (e.g. custom ROM), loss of root of trust (e.g. manipulated boot sequence) + Google proprietary backend MDVM verdict to identify compromised devices (we do not know what they are actually doing in their backend)

They also state that it isn't used.
To me, this actually seems quite good