Is this still in place? I’ve skimmed the paper: is the assertion that major hardware vendors are shipping Android devices with pre installed (sometimes non public) libraries (from Meta for example), which have wide data access permissions including potentially the ability to decrypt sensitive wire/rest data (via certs)? And they are still doing this???