Google isn't banning hardware killswitches in their compatibility definition, so a phone with such switches can still ship Play Services.
The main stumbling block here is that Google wants to tie users' hands in certain aspects, and many of these OSes are specifically designed to undo that control. GrapheneOS does a bunch of stuff to improve security that absolutely could be incorporated into a Play Integrity authorized build. But it also does a bunch of stuff in the name of user privacy that Google would never sign off on.
For example, there are apps[1] that refuse to work without a GPS lock, for a variety of reasons ranging from "I save money on streaming rights by only letting you watch in a specific country" to "I need to know if you're a criminal trying to stuff our banking app with stolen credentials in a foreign country we can't prosecute you in". Some of these reasons are pro-user, some are user-hostile[0], but all of them require handcuffing the user, so Android cooperates with app developers instead of you.
All the permitted ways for a user to manipulate their location are transparent to the application. That is, if you mock your location, the application is told it's fake and can refuse it. Likewise, if you turn off location, the application is told it didn't get a fix. Hardware killswitches are just a more powerful / legible way to turn off location. If the phone instead had a hardware GPS signal spoofer in it, Google would absolutely ban it from Play Integrity.
[0] And, for the user-hostile reasons, those are the terms of sale, so Google cooperating with the user would just get the app taken away because the entertainment conglomerates are big enough to oppose Google's market power.
[1] Client and server inclusive, i.e. "an app is just a website with enough IP to make it a felony to block ads in it". Play Integrity exists specifically to frustrate attempts to modify the client. If you modify the client or the OS it lives in, Play Integrity's signed data will have the wrong hashes in them, and the server will refuse service to you.
> But it also does a bunch of stuff in the name of user privacy that Google would never sign off on.
I don't think that's necessarily true. It's actually kind of confusing to me that Google doesn't whitelist GrapheneOS. According to their website [1]:
> GrapheneOS not only upholds the app security model but substantially reinforces it, so it cannot be justified with reasoning based on security, anti-fraud, etc.
Ever since I discovered this article, as a GrapheneOS user, I've felt sort of conflicted about it. On one hand, it would be good to see more apps support GrapheneOS. On the other hand, as a FOSS advocate, it irks me that I can't make arbitrary changes to my OS without taking the risk that certain apps might stop working for no reason [2].
It also places GrapheneOS in a bit of an awkward position as a open source project, where it's possible that they might be forced not to include certain features because they made this promise to banking apps. For example, they would probably not accept a location spoofing feature that can't be detected by app developers, because banking apps could no longer trust the OS-provided APIs.
But again on the other hand, this policy means it's not off the table that Google might whitelist GrapheneOS in Play Integrity one day, which I think would be a good thing (of course there's business interests at play here, but there's no valid non-business reason for them not to).
Overall, the entire mobile phone ecosystem depresses me. I just try to avoid using my phone as much as possible, and keep the number of installed apps to a minimum. I'll probably give the iPhone a try if they ever start allowing sideloading (wishful thinking). Unfortunately it seems like it may become unsustainable to avoid placing full trust in your phone's manufacturer, and I'd only be comfortable giving that to Apple, not Google or Samsung.
[2] It should be noted that, as of today, I don't think any banking app has added explicit compatibility for GrapheneOS. AFAIK all the banking apps that work with GrapheneOS also work with any (non-rooted) open-source Android alternative. As a sidenote, I currently work around this issue entirely by simply using my bank's website instead of their silly app, and this will continue to work as long as hackers continue to fight against Google's dystopian plan for the web: https://en.wikipedia.org/wiki/Web_Environment_Integrity
In a world where the iPhone exists and there's no effective regulations against their obvious anti-competive behavior (even the EU's DMA hardly did anything), I doubt any U.S. court will take them seriously, but I guess we'll see.
iPhone isn't a great comparable because their crime is one of bundling copyrighted property in a way we hate. And the law is extremely deferential to the interests of monied copyright owners. Android explicitly licensed their work as FOSS and invited others to build on their work, so bundling stuff this way is a lot more obvious an antitrust violation, and remedying the antitrust violation does not imperil any copyright.
To wit: the EU already got rid of the whole "Android phone vendors must not ship incompatible forks" rule. They did this so long ago that all the comments on the news articles about it have aged like milk. Most of us were still complaining that the EU was unfairly targeting US tech companies, rather than cheering on the EU for unfairly targeting US tech companies. And in the US, Google has already lost in court, against Epic, on a lot of antitrust issues. It would not be that far of a stretch to go to a court and say Google not whitelisting Graphene[0] is anticompetitive, and the main reason why that hasn't happened is primarily because Graphene is a small project run by a developer that harassed Louis Rossmann over something stupidly petty.
[0] assuming there's a CDD-compliant version floating around out there
The main stumbling block here is that Google wants to tie users' hands in certain aspects, and many of these OSes are specifically designed to undo that control. GrapheneOS does a bunch of stuff to improve security that absolutely could be incorporated into a Play Integrity authorized build. But it also does a bunch of stuff in the name of user privacy that Google would never sign off on.
For example, there are apps[1] that refuse to work without a GPS lock, for a variety of reasons ranging from "I save money on streaming rights by only letting you watch in a specific country" to "I need to know if you're a criminal trying to stuff our banking app with stolen credentials in a foreign country we can't prosecute you in". Some of these reasons are pro-user, some are user-hostile[0], but all of them require handcuffing the user, so Android cooperates with app developers instead of you.
All the permitted ways for a user to manipulate their location are transparent to the application. That is, if you mock your location, the application is told it's fake and can refuse it. Likewise, if you turn off location, the application is told it didn't get a fix. Hardware killswitches are just a more powerful / legible way to turn off location. If the phone instead had a hardware GPS signal spoofer in it, Google would absolutely ban it from Play Integrity.
[0] And, for the user-hostile reasons, those are the terms of sale, so Google cooperating with the user would just get the app taken away because the entertainment conglomerates are big enough to oppose Google's market power.
[1] Client and server inclusive, i.e. "an app is just a website with enough IP to make it a felony to block ads in it". Play Integrity exists specifically to frustrate attempts to modify the client. If you modify the client or the OS it lives in, Play Integrity's signed data will have the wrong hashes in them, and the server will refuse service to you.