That’s the only way I’ve seen it done prior. The unknown questions with bigger ramifications are:
- Backdoors
- Internal corporate spy/informant
- Targeted device exploitation/exfiltration
- Cryptography failures
- Something something synced cloud storage