Comment by CommanderData

Play Store has an attestation API, Google could simply make it harder to run banking apps and similar if you run GrapheneOS. Something like requiring banking apps to use a stricter mode. GrapheneOS even mentions it's not easy spoofing this entirely as it change often on the FAQ page.

There's only so much you can do as a maintainer of a custom OS like Graphene before its too hard to maintain. I don't think there's enough coming in by way of donations to play catch-up.

Need legislation quick. But I suspect the EU doesn't want side loading either in the grand scheme of surveillance.