For instance: The McDonald's app uses SafetyNet and won't run on an unlocked device.[1] Google doesn't place any restrictions on which types of apps can use SafetyNet. Banking apps tend to use it, but so do an increasing number of apps that clearly shouldn't need it.
(For the record, I don't think SafetyNet should exist at all, but if Google is pretending it's for the user's security and not just to allow developers to make it harder to reverse engineer their fast food apps, they should at least set some boundaries.)
It's frustrating that Google has fostered an ecosystem where not all "Android apps" work on vanilla Android.
I think a system to verify the integrity of the operating system and make the user aware of any changes is a Good Thing. Of course, the user should be in control of what signing keys are trusted and who else gets access to that information.
Instead, what Google has done is allowed app developers to check that the user isn't doing anything surprising - especially unprofitable things like blocking ads or spoofing tracking data. Since Google profits from ads and tracking, I must assume a significant part of their motivation is to make unprofitable behavior inconvenient enough most people won't do it.
(For the record, I don't think SafetyNet should exist at all, but if Google is pretending it's for the user's security and not just to allow developers to make it harder to reverse engineer their fast food apps, they should at least set some boundaries.)
It's frustrating that Google has fostered an ecosystem where not all "Android apps" work on vanilla Android.
[1] https://twitter.com/topjohnwu/status/1277683005843111936