What stops one from selling access to that USB dongle over the internet, anonymously doing thousands of verifications per second, cardsharing[1] style?
With Google Play Integrity Protection, each such verification needs a human physically clicking buttons on the device, which makes things much harder.
