There is something about auditor I am a little confused on.. In the scenario a user's phone is infected with malware, would it matter if the user had performed initial pairing BEFORE or AFTER the malware infection? Would the result be the same regardless? Or could the malware manipulate the results displayed on the screen?