I wonder, if there were an open platform to exist that people use increasingly, maybe that would be incentive enough for at least one bank/financial app to permit that platform just to get a competitive advantage.
In the meantime probably the best that can be done is having a regular phone and a banking phone.
Maybe the answer is to put whatever the banks etc need on something like a smartwatch. Smartwatch + phone is better than two phones IMHO and they're so tedious to use/install anything on that it reduces the attack surface for hackers etc. Tap to pay or digital signatures or identity, passkeys etc via a smartwatch interaction seems like a good use case. Sort of a souped up yubikey. I don't know how good biometrics is on watches nowadays but my Pixel phone has some sort of camera behind the screen to read fingerprints so I can't imagine its impossible. Even adding a capacitive pad on a band seems plausible. Who knows, I don't feel like biometrics have been a real focus of design in the smartwatches I've used.
Personally, I have found smartwatches fairly useless (I do enjoy the activity tracking and notifications but that's not much really) so freeing my phone from bullshit by moving some functions to a watch could increase the value/utility of a some sort of smartwatch. Ultimately, it doesn't need to be that "smart" even.
Still, the problem is that if you go this way, you'd have to put almost all useful functionality of a modern phone on a smartwatch, at which point you could just ditch the phone.
It's not just one tiny use case that's pushing us down the road of increasingly locked down devices. It's most use cases - because no matter the service, it's more profitable for the provider to control what you can and cannot do.
I don't think that's actually true? That's like insisting all useful functionality would have to be moved to a smartcard/yubikey/bitcoin hardware wallet/TPM etc. The main reason this is an issue is to prevent emulated hardware tokens. If you can disable secure boot, you can emulate secure elements and then things that others (i.e. your bank, government, etc) believe are carefully controlled secrets are not.
Doubtful - the costs of supporting it far outweighs any gain they'd have. In case of banks, the costs of supporting aren't just about developing software for an additional platform, but also insurance premiums and managing fallout of hacks (which always eventually happen) - both of which would go way up, as the company would be voluntarily supporting endpoint decides that are less secure than "industry standard" minimum.