It's impossible to brick a Pixel while flashing GrapheneOS, thanks to their super easy-to-use web-based installer, and Google's great support for alternative operating systems, which also makes the installation process easier and safer.
If you mess anything up, you can always restart from the beginning and get it fixed. You can't break a Pixel during flashing.
Any reasons for that?
which kind of kills half the point of using GrapheneOS in the first place
Absolutely not. Google Play services are much less invasive on GrapheneOS compared to other ROMs or the stock OS, since they run in the normal Android app sandbox, just like any other app you install. You can control all permissions, and uninstall them at any time. They do not get any special privileges, as would be the case when running stock Android. You can also confine Play services in a separate user profile or in a work profile through an app like Shelter (user profiles offer better isolation).
If you’re not (e.g. you install via Aurora), then it’s incredibly unlikely your bank will work.
As I said, it highly depends on your specific bank. My bank in Germany works totally fine on GrapheneOS without Play Services. YMMV. That's why I linked to that list.
I wouldn't give such a general statement. It really depends on your bank. There's a very handy list at https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
I vaguely remember using it like 10 years ago when it got pre-loaded on a Samsung Tablet I bought… fun times…
It seemed to me like a combination of a news app and a social network
As far as I know you can power down a Pixel at any stage by holding the power button for over a minute. Had to do this a couple of times when I flashed a bad ROM and got stuck in a bootloop.
I’d say it’s the best mobile app we have right now
It still uses the TPM by default, instead of requiring a passphrase to be typed in on boot to unlock the keys. This still makes it an insecure mess.
https://yewtu.be/watch?v=wTl4vEednkQ
https://github.com/stacksmashing/pico-tpmsniffer
https://github.com/stacksmashing/LPCClocklessAnalyzer
Microsoft NEVER cares about your security. They just do the absolute bare minimum for compliance with stupid standards, and then advertise it as some crazy security improvement. Corporations lie to you all the time. If you want some actual security, you need to start using FOSS software. Most importantly a FOSS, Linux-based OS, and set it up with LUKS passphrase-based encryption.
It’s not controlled by one single entity. Everyone can spin up their own instance and host their communities, and you can block instances that deserve it. And the software is completely open source and stuff, and it obviously works with all kinds of third-party clients and doesn’t try to monetize the API. And we don’t have spez, so that’s of course another benefit. And no ads! I could go on and on…
Definitely go ahead and tell your bank that you are annoyed by their mobile app only working on the stock OS. Call them, send them an email, whatever. If enough people complain or even threaten to switch banks over this, they might add better support using actual secure hardware-based attestation, which also works on GrapheneOS.
I even switched banks because of their ridiculous requirements for the mobile app, just so I could continue using GrapheneOS. I know that Graphene is much more secure than any other Android-based OS, and running my banking app on it is much safer than on another device. Banks should finally realize this too, which is why we need to complain.