> You can fairly easily build and flash a rooted version of GOS yourself.
This won't be signed with the right attestation key because I'm not them.
My understanding is that attestation is tied to the distribution's private key, so this government software wouldn't trust my version of the OS, assuming the govt could be made to understand Android's attestation framework is a vendor-neutral way to achieve the same goal (whatever goal that may be). With a rooted GOS, I'd still need another device, tied to my government identity, of which I can't verify what it's doing, much less control it
This won't be signed with the right attestation key because I'm not them.
My understanding is that attestation is tied to the distribution's private key, so this government software wouldn't trust my version of the OS, assuming the govt could be made to understand Android's attestation framework is a vendor-neutral way to achieve the same goal (whatever goal that may be). With a rooted GOS, I'd still need another device, tied to my government identity, of which I can't verify what it's doing, much less control it