TL;DR
- Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
- The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
- Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
Thankfully there are FOSS alternatives for apps like Authy. I recommend Aegis
For your banking app, you can use this list to check if it’s compatible: https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
Using the web app might also be an option.
Thanks for the tips, I’m a happy Aegis user already! Thankfully, my main bank explicitly doesn’t care about custom roms and I’m thinking I’ll just cut ties with the ones who do and let them know that was the reason at this point. Worst case scenario, I still have my locked down old phone.