As for all the #Junk: Just don't put #Google's #enshittified #Android on and instead go with like @e_mydata / #eOS or @LineageOS / #lineageOS.
https://www.youtube.com/watch?v=ZpPiZiqWjyA&t=342s
I don't expect the folks of #GrapheneOS to ever get reasonable anymore as they sold out to #Motorola and are #Bootlickers trying to appease #Cyberfascists by enabling #Apps to demand " #DeviceAttestation "
- Which by design is #malware because noone but the owner & user has the right to inspect and attest the device...
#GrapheneOS: https://grapheneos.org/articles/attestation-compatibility-guide has a list of apps that are banning GOS due to questionable practices of #deviceattestation
Edit: Also helpful: https://github.com/PrivSec-dev/banking-apps-compat-report -> "Report and track banking app compatibility with GrapheneOS, including which workarounds may be required."
Regarding Managed Device Attestation aka ACME device attestation support: if you hadn't already started to figure out your ACME PKI needs and (hopefully) its implementation given that iOS and iPadOS have had a full year of support, with macOS joining the party it is now REALLY time to start figuring it out. Depending on how old/custom/vendor locked in your current PKI is, adding ACME may be anywhere from simple to HOHHHHMYGODWHAT. But it's PKI, so let's face it, it's hardly ever simple.
Get ACME’ing my pretties! Fly!
TelH90
Karl Voit 
Pepijn Bruienne