> many manufacturers don't restrict flashing a different rom
Manufacturers don't, but app makers do. I know people running on LineageOS that have to keep a second smartphone on stock Android for their banking authenicator app (which fails on Lineage because it's not the manufacturer-supplied ROM and that supposedly means it's been hacked).
If it couldn't be fooled through software (and there are sandboxing solutions to run stuff that needs google services etc) I don't think I'd stay with such a bank.
Manufacturers don't, but app makers do. I know people running on LineageOS that have to keep a second smartphone on stock Android for their banking authenicator app (which fails on Lineage because it's not the manufacturer-supplied ROM and that supposedly means it's been hacked).