k1mpl0s

The future of SafetyNet

I would like to write a post directly to my patrons regarding the future of Dokkan if SafetyNet is finished.
Some do not know everything that's going on regarding it, so here are some of the things that will be affected and how they will be affected:

• How the login works:
When you open Dokkan you receive JSON data that is put into root storage, and an encoded JWS known as the attestation from SafetyNet.
(Whatever is in the JSON is also in the attestation.)
This JSON contains device integrity information and the APK package name + hash.
You log in to your account through a request to their game servers, and with this request you also send the SN attestation.

• External solutions
There may be an external source that can force your SafetyNet status to pass on the device, which might allow things to get by.
Also, it is not confirmed, but using an old device version that does not have SafetyNet might bypass it, though they may make the app outdated for these device versions.

• What they're capable of:
It is possible that they can put data such as a login key inside the attestation data.
Without the key nobody can log in.
But this is not practical, as the nonce is intended to be one-time use for SN, as stated.
Currently the attestation does contain your account ID in the nonce, so Dokkan is passing data from the app to Google SN to receive the JSON.

• Bots
With SN attestation required upon login, bots that do not have a way to get an attestation cannot log in.

• dbz.space / wikis
dbz.space operates the same as bots.
Some wikis do as well, but most take assets from dbz.space + other sources to maintain the wiki.
Without login they cannot fetch these assets, period.

• Root
Root is considered a tampered device, which is locked out by the game server's attestation check.
(However, a forged SafetyNet status may let it log in.)

• Emulators
Emulators are also considered tampered devices.
These are flags which the game server will most likely lock out once it's finished, especially if the emulator is rooted.
(However, a forged SafetyNet status may let it log in.)

• Mods
It is possible for mods to be used if the game server does not lock out wrong APK hashes or package names within the attestation.
A forged SafetyNet status may let a mod in, but it hasn't been proven to my knowledge.
It might be possible to mod "SafetyNetHelper.java", but this takes a much higher IQ than the other solutions.

• Datamining
The same as bots, these projects cannot fetch assets without login; however, that's just the automated aspect of datamining. They can still get assets manually through an emulator.
If emulators are locked out, then they would have to access root storage on a phone after data download and transfer files to a PC via USB to unpack them.
Mods might be able to re-route the root files to external access, for example if root is blocked.
All of these solutions really aren't ideal compared to automation.
(But a forged SafetyNet status may let manual or mod datamining work.)
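
The server-side half of the login check described under "How the login works", "What they're capable of" and "Mods", as an added example that is not code from this post or from the game: it binds a one-time nonce to the account ID, then checks the package name, APK hash and integrity verdicts in the attestation payload. It assumes the JWS signature and certificate chain were already validated before the payload is trusted; the package name, digest value, freshness window and function names are constructed placeholders.

```python
import base64, json, secrets, time

EXPECTED_PACKAGE = "com.example.game"        # placeholder, not the game's real package name
EXPECTED_APK_DIGESTS = {"Y29uc3RydWN0ZWQ="}  # constructed stand-in for release APK hashes
MAX_AGE_MS = 60_000                          # assumed freshness window
_pending = {}                                # nonce -> account ID, issued and not yet used

def issue_nonce(account_id):
    """Server-issued nonce that carries the account ID and is valid for one login."""
    nonce = base64.b64encode(secrets.token_bytes(16) + account_id.encode()).decode()
    _pending[nonce] = account_id
    return nonce

def decode_payload(jws):
    """Return the JSON payload of a compact JWS. The signature is NOT checked here."""
    _header, payload, _signature = jws.split(".")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def login_rejections(payload, account_id, now_ms=None):
    """List the reasons to refuse this login; an empty list means accept."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    reasons = []
    # pop() consumes the nonce, so a replayed attestation no longer matches anything.
    if _pending.pop(payload.get("nonce"), None) != account_id:
        reasons.append("nonce unknown, reused, or issued to another account")
    if abs(now_ms - payload.get("timestampMs", 0)) > MAX_AGE_MS:
        reasons.append("attestation too old")
    if payload.get("apkPackageName") != EXPECTED_PACKAGE:
        reasons.append("unexpected package name")
    if payload.get("apkDigestSha256") not in EXPECTED_APK_DIGESTS:
        reasons.append("unexpected APK hash")
    if not (payload.get("basicIntegrity") and payload.get("ctsProfileMatch")):
        reasons.append("device integrity verdict failed")
    return reasons

def make_sample_jws(payload):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "RS256"}), enc(payload), "c2ln"])
```
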

Comments

Many factors could have caused them to implement it. We don't know the exact one. However, it's most likely the cause of an action done by the community.
• change of directors. (may explain them removing transfer codes)
• rumors of people spam emailing Bandai about code.
• people modding the world tournament.
• protecting accounts from brute force attempts. (since it only affects login)
• youtubers slamming Bandai & players for allowing it in the PVE.

Why Bandai is now so active on stopping the bot I a understand the losing money bo modding etc stupid

