
There's no point. Remote attestation means your device needs to be corporate owned to be trusted. Even if you had your own Linux phone, it wouldn't be able to interface with institutions such as banks and governments. They trust Google's keys, not yours. This doesn't quite end free computing, it just kills it for normal people and ostracizes us hackers who insist on owning our systems.



GrapheneOS supports remote attestation:

https://grapheneos.org/articles/attestation-compatibility-gu...

Some banks have added their verified boot keys. I think it helps that GrapheneOS is well-known by now for great security practices (most likely more secure than all vendor phones out there).


> Some banks have added their verified boot keys.

Seriously?? That was very unexpected... Here's to hoping this becomes standard practice!!


Not sure what gov require, but most credit unions do not use such lockdowns.

They will.

Credit unions, at least in theory, are known for caring more about their customers. It'd be worth explicitly giving them the feedback that you use them via their website or via an app that works on an Open Source phone, and telling them that that's one reason you're a customer.

Fraud prevention. If they lock things down, they lose less money to fraud. I think they should just have to suck it up and eat the cost but obviously they don't think that way. Only a small minority even understands and cares about these issues. The money they save by trampling over our freedom is no doubt much higher than the value brought in by us. They will no doubt sacrifice us for increased profits if we force the issue. We have no leverage.

There is no reason whatsoever for a major corporation to not use remote attestation technology. Banks will use it because fraud. Streaming services will use it because piracy. Messaging services will use it because spam, bots. If you're the corporation, the user is your enemy and you want to protect yourself from him.

Governments want this too. Encryption. Anonymity. They need to control it all. Free computers are too subversive for them. They cannot tolerate it.


> If they lock things down, they lose less money to fraud.

[Citation Needed]

I see this kind of claim made often, but never backed up with evidence that remote attestation of consumer devices has any real-world impact on fraud. It sounds like it could be true because it would detect compromised devices, but it could just as easily be false because people with devices that don't pass are usually technically sophisticated.



