Depending on the app or service being used. Occasionally i have seen some apps refer to a build property value or perhaps what is shown in one partition (vendor maybe?) Versus looking some other location.
Others like youtube (i think uses a VM) as the video player, if you look at the "copy debug info", and view the metadata there, you would see YT thinks the device is running Android 10..
My worry here is if a Server is profiling devices and looking for vulnerabilities, wouldnt servers go after these devices first? Kinda like a thief trying to steal an unmarked police car , only to open the door and see a swat team gearing up rather than granny with groceries...