Latest encrypted devices proposal, what & how

Normal conflict detection is based on the version vector of the file, where we can detect concurrent modification. The untrusted variants of files don’t get the real version vector; they get a fake one that always has just one member with a version that is the send time in Unix nanos. This means that a wall-clock-newer untrusted file will always look like a linear descendant of all other versions of the same untrusted file (assuming correct clocks). So it will be accepted as the newest without conflict by any untrusted device, and in the end passed on to a trusted device, which might see the real conflict and act on it. But there will never be a conflict between untrusted devices. (Unless one is intentionally introduced, but that will then be a file without encrypted metadata and it will be rejected by normal devices.)

You’re entirely correct on the second part. An untrusted device can elect to ignore any and all updates and not pass them on. They could even be devious and announce them back so they look in-sync to the originator, but then not tell anyone else.

1 Like
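The comparison described in the post above, as an added example that is not part of the original post and not Syncthing's own code: two concurrent edits conflict under their real version vectors but are strictly ordered once each carries a single-member vector holding its send time. The type and function names and the constant `fakeID` are assumptions made for illustration.

```go
package main

import "fmt"

// Vector is a simplified version vector: device ID -> counter.
type Vector map[uint64]uint64

// Ordering values returned by Compare; Concurrent means a conflict.
const Equal, Greater, Lesser, Concurrent = "equal", "greater", "lesser", "concurrent"

// ahead reports whether a holds any counter larger than the same counter in b.
func ahead(a, b Vector) bool {
	for id, v := range a {
		if v > b[id] {
			return true
		}
	}
	return false
}

// Compare reports how a relates to b.
func Compare(a, b Vector) string {
	switch aAhead, bAhead := ahead(a, b), ahead(b, a); {
	case aAhead && bAhead:
		return Concurrent
	case aAhead:
		return Greater
	case bAhead:
		return Lesser
	}
	return Equal
}

// fakeID is an assumed constant ID for the single member of the fake vector.
const fakeID = 1

// FakeVector is what the untrusted variant carries instead of the real vector.
func FakeVector(sendUnixNanos int64) Vector {
	return Vector{fakeID: uint64(sendUnixNanos)}
}

func main() {
	// Constructed sample: devices 10 and 20 both edit a file last seen at {10: 1}.
	realA, realB := Vector{10: 2}, Vector{10: 1, 20: 1}
	fmt.Println("trusted view:  ", Compare(realA, realB))
	// The same two edits as untrusted devices see them, sent 5 ns apart.
	fmt.Println("untrusted view:", Compare(FakeVector(1700000000000000000), FakeVector(1700000000000000005)))
}
```

Because the ordering rests only on the timestamp, a sender whose clock lags produces a smaller value, and its later edit compares as `lesser` on untrusted devices; this is the "assuming correct clocks" condition in the post.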