The private key used for attestation is stored in the secure element hardware, which runs its own OS, completely inaccessible to the main hardware's OS, even with root.
Some apps don't actually check the attestation signatures, so they could be spoofed for now, but if spoofing became common, apps would just get strict about checking attestation.
Some apps don't actually check the attestation signatures, so they could be spoofed for now, but if spoofing became common, apps would just get strict about checking attestation.