Will once again re-up the concept of a “right to root access”, to prevent big corps from pulling this bs over and over again: https://medhir.com/blog/right-to-root-access
The more measures they take to secure it while allowing the user to decide whether to participate, the more drastic this opt-out user-decision becomes.
In order to now preserve that "open ecosystem", they would have to provide the user an option to disable Google Services entirely, which would turns the device almost into a separate product
All this is unlikely to happen just for the sake of "pleasing the community", I believe we need a general legally binding definition of what functions the user owns if (and when) a device is stripped of any services on top.
If my car loses functions once it loses connection to the manufacturer, this bare set should be communicated as the purchased value ("in exchange for your money"), separately from any on-top "in exchange for your data" business-model
Feeling like the optimum solution is to just have two devices. Your phone that has all of your banking, ID, etc. and another device that’s completely open, can install whatever you want on, but doesn’t matter too much if it gets hacked.
But I feel the issue is less about malware gathering your banking, ID etc, but malware holding your data hostage, using your (social) network for nefarious purposes or tricking you into something you don't want to do.
And for all those cases, having that "other" device doesn't help.