The complaint isn’t, “banks allow connections from browsers that might be compromised!”
The complaint is, “banks claim they cannot allow apps to run in scenarios where they can’t determine if anything is compromised but have been perfectly fine doing it and continuing to do it in the case of browsers, so their stated reason sounds like bullshit.”
Those complaining about Google wanting to add attestation either didn’t want that in the first place, or don’t want the trade-offs required for such a thing to work. Like remote banking requiring using a corporate-approved platform and ad blocking not being as agile.
The complaint isn’t, “banks allow connections from browsers that might be compromised!”
The complaint is, “banks claim they cannot allow apps to run in scenarios where they can’t determine if anything is compromised but have been perfectly fine doing it and continuing to do it in the case of browsers, so their stated reason sounds like bullshit.”
Those complaining about Google wanting to add attestation either didn’t want that in the first place, or don’t want the trade-offs required for such a thing to work. Like remote banking requiring using a corporate-approved platform and ad blocking not being as agile.