Also the banks already just plain restrict access on the web, unconditionally, by making a smartphone app a mandatory auth / confirmation factor. And the app itself, of course, makes full use of Google's attestation APIs like you describe.
So at this point allowing for the web to be nearly as secure as a native app would allow for these sites to potentially start working on the web again.
I've commented to this point in the past, but I don't care about the web winning, I care about the things that make the web the web -- user-controlled agents, being platform-agnostic, extensibility, etc...
If we're willing to give that stuff up in order to bring native apps back to the web, then we can save a lot of time and effort and just redefine the web to include mobile apps and get Google to re-label all the native apps in the Play Store as webapps and change nothing else. Then those apps will technically be on the web! No developer changes even needed, the web won! /s
The problem is not that the banks aren't on the web. The problem is that the banks deny user-agency. That's the problem I want to fix by bringing apps to the web. My goal is not to get the bank app served over an HTTP request, I don't care about that part. I don't care if the bank's interface was written in Java or Javascript. I don't care if the bank is caching data in service workers or on disk.
My goal is to get the bank app to respect user-agency, that's the part I care about.
If we make the web into a native environment, then it doesn't matter anymore whether or not app developers are using it. The web forcing developers to support user freedoms is the primary reason we want webapps. The web is a means to an end, not an end in and of itself.
