Could you provide some insights there? That would be appreciated.

1. Is it correct that the secure boot protects again a malicious app escaping the sandbox and persisting into the system?

2. Is it correct that if the system is signed with the Google testing keys, then someone could sign an app with those keys and the app would get more permissions than it should (I believe it's called the "signature" permissions)?