Impressive. Here is the blog post (also linked from their github) that talks about the bypass (the tldr; is that they rotate through public keys in a deterministic way, so Apple’s protections think it’s a new device each time and thus don’t warn about a persistent tracker).

https://positive.security/blog/find-you