An adversary could use knowledge of the techniques used by security software to evade detection. For example, some mobile security products perform compromised device detection by searching for particular artifacts such as an installed "su" binary, but that check could be evaded by naming the binary something else. Similarly, polymorphic code techniques could be used to evade signature-based detection.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Mobile security products can use attestation to detect compromised devices.