It seems to me that comments here are reading this as saying attestation is bad, when the real argument is that attestation should explicitly provide a path of inclusion for non-Apple and Google providers.

The headline seems to make the statement that Apple and Google are evil and doing this for monopoly lock-in, and GrapheneOS, a competitor, will stand for the people against that. But given their final counterpoint is that they should have been included too and they rant about being rejected from Google's Play Integrity API for unclear reasons they claim are malicious, it seems they do acknowledge there's security value here: we do critically need for full-chain-of-signature attestations for critical identity data, the only way to avoid someone using AI to create fraud identities trivially.

That is not what GrapheneOS is saying. They mention their exclusion as proof that attestation has nefarious motives, not because they would be OK with it otherwise