you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.
Public key cryptography and signatures are common technologies nowadays.
you won’t be able to use that to verify the integrity of the system when the worry is that its creators are dishonest. you may be able to verify that something has happened (e.g. a successful attestation), but you won’t be able to tell if the attestation was actually executed for your device and the app in question, or it was proxied to another device the devs run to fake attestations.