Exactly. The only way to create a black boxed env on devices outside of the attackers premises is if the attackers built the devices themselves and have thrown decades of iterative development out the window to create equipment resistant to endless physical attacks. Transporting state secrets is a simpler task.

That just moves the goalposts though. People will still deconstruct and reverse engineer the black box, or sniff the lines it uses and attack the traffic. Or anything else. There are countless attack vectors against a device in physical possession. So unless the devices are melting down into slag and can perfectly detect even passive attacks then the advertisers will always lose.

This doesn't stop them from trying. If advertising can be made more expensive then the roi the advertisers will stop. Some will irrationally throw money at the problem way past the point they should've given up but even they will taper off eventually.