Not for long if Google has any say about it. Hardware remote attestation is here, and it's the number one threat to mobile computing freedom.
The future is one where everyone can, theoretically, install anything they want, but they get banned from everything should they actually do so. Rooted system? Attestation fails. "Oh no, looks like someone tampered with the system". Can't access your bank account. Can't communicate via WhatsApp. Can't watch something on the streaming services. Can't even play video games.
Discrimination against "untrustworthy" devices, where "untrustworthy" means not corporate owned. Leading to complete ostracization.
GrapheneOS already has their own attestation API that verifies the app is running on GrapheneOS. Since GrapheneOS is more secure than stock Android, security conscious apps like banking apps have a solid technical reason to use the API and support Graphene.
We just need to raise the profile of GrapheneOS and convince more banking apps to use this API, if they are already using Google's attestation API.
GrapheneOS's strategy for raising their profile and being seen as more legitimate is that they've formed a partnership with Motorola Mobility, who will be manufacturing Graphene compatible phones. <https://motorolanews.com/motorola-three-new-b2b-solutions-at...>
> Since GrapheneOS is more secure than stock Android, security conscious apps like banking apps have a solid technical reason to use the API and support Graphene.
Corporations don't use such things for technical reasons. Their reasons are political. They want control. The "security" they talk about isn't the user's security, it's their own security from the user.
> We just need to raise the profile of GrapheneOS and convince more banking apps to use this API
And until they do, GrapheneOS is permanently at risk of being shut out of the market.
And even if they do, it just means we've become dependent on GrapheneOS. They won't trust our keys, only those of corporations. Our freedom is still compromised.