There won't be a reasonable way to bypass it as it requires a Google authenticated manufacturer to leak the keys or an TEE exploit.

All public key boxes are banned and Google regularly bans new ones . That endpoint contains the list of revoked keyboxes : https://android.googleapis.com/attestation/status

> Unfortunately the answer here is to not abide by the law

You realize in Viet Nam this means getting a "friendly" visit by the MPS/BCA, and if you continue eventually getting branded as a troublemaker.

I'm assuming you would do this out of a political reason, or as a very technical and privacy aware user.

But you are providing an alibi for malicious users who, for example, might try to brute force logins from unidentified devices.

That would be one reason aside from the law. You are essentially positioning yourself on the same side as intruders.