3abiton 11 hours ago

This is untrue in reality. Literally I used more than 5 banking apps, and a few investment ones (including 1 in the US). I could log in to all of them through a browser, using a phone number 2FA, or a proprietary authenticator of the bank (a physical device). Never has a bank forced me to use their app to log in. It's an option though (and a convenient one). If that ever ends up being the case, I am for sure not using a Google phone to do so. iPhone it is.

And here is the funny part. On my A13 Android (fully rooted, BL UL, custom ROM) I can totally bypass Play Integrity, using the keybox method. There is literally no way for Google to patch this. I am yet to get it working on A16, mainly for lack of time to tinker, also because OP15 has no sources released yet to build ROMs for it, which is the main motivator for me to use an Android phone.

The takeaway is this: Google promotes "Play Integrity" (PI) as a working solution against "tampered devices" (i.e. because god forbid you have sudo access on your device). Yet, it's easy (albeit a bit complex as you have to know the right Telegram groups) to bypass it. PI gives the illusion of security, yet in reality a counter-solution exists. Real bad actors would have 0 issues doing what they want to do, the real impact is deterring users from open source ROMs like Lineage, simply because their bank app wouldn't work, which imo is Google's plan all along masquerading as a security feature. Google's main business is ads, and hosts-based ad blocking is extremely easy once rooted.

Their recent moves align well with this (slow rollout of open sourcing, QPR2 is still not out yet, antagonizing 3rd party stores like F-Droid), all in the "name" of security.

cromka 10 hours ago

Interesting. I just moved to Android from iOS with the idea of eventually switching to GrapheneOS, but was scared that my apps will randomly stop working as soon as Google catches up with the hacks. From what I heard it's a cat and mouse situation, they patch things, then the Android community finds a way. I do not want to find myself in a situation where I need to use my bank or government app and fail because Google just caught up with the hack.

So what you're saying is that you can have it permanently 'fixed' with no shenanigans like that?