Another great thing about GrapheneOS (besides security) is that Google Play Services can be installed without elevated privileges and even in a separate profile which can't run in the background. This makes the phone suitable for both normal usage and for those cases where you need to use some "official" app.
It passes Play Integrity "MEETS_BASIC_INTEGRITY" but of course doesn't pass higher levels but not because it's insecure - it's because it refuses to grant GMS elevated privileges. Good news is that banking apps can whitelist GrapheneOS using standard Android attestation mechanism (and some already did).
My bank (largest local in my country) shipped a beta version of their app where my pixel8p with grapheneos was flagged as insecure this summer.
Called them up, explained the issue and a couple days later a new build without the issue appeared for install.
https://xkcd.com/1200/
this is actually not the case on modern android lol
>Thanks to GrapheneOS, I keep my banking app, my gmail, my social media, my candy crush, and my nudes together with google play services monitoring it all safely sandboxed away from the private profile with my F-droid notes app and an SSH terminal.
How?